From ca4bb8fd7a5a26fd8735668aa2353f221a0d0fbc Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sat, 23 Mar 2019 18:48:15 +0000
Subject: Add range checks to varios ASN1_INTEGER functions to ensure the sizes used remain a positive integer. Should address issue 13799 from oss-fuzz ok tb@ jsing@
---
 src/lib/libcrypto/bn/bn_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/lib/libcrypto/bn')
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 0b79a87413..0025cf52ef 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.45 2018/07/23 18:14:32 tb Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.46 2019/03/23 18:48:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -578,6 +578,8 @@ BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
 BN_ULONG l;
 BIGNUM *bn = NULL;
 
+ if (len < 0)
+ return (NULL);
 if (ret == NULL)
 ret = bn = BN_new();
 if (ret == NULL)
-- cgit v1.2.3-55-g6feb
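Review bot: The new `len < 0` guard in BN_bin2bn returns NULL without recording anything, and the `ret == NULL` check two lines below returns the same value when BN_new() fails, so a caller cannot distinguish a rejected length from an allocation failure. Consider pushing an error onto the error stack before the return so a malformed-input rejection is visible in logs and fuzz triage. A short comment would also help, for example `/* reject negative lengths from parsed input before len is used as a size */`. Placing the check ahead of the BN_new() call is right, since nothing has been allocated yet on that path. The body of BN_bin2bn starts and ends outside this hunk, so how `len` is consumed afterwards, presumably as an unsigned count, should be confirmed against the full function.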