From 724fa19847a977c5790a4e1d0b2e4fe6d95646fa Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 12 Sep 2020 15:24:39 +0000 Subject: Avoid an out-of-bounds access in BN_rand() If BN_rand() is called with top > 0 and bits == 1, it would allocate a buf[] of size 1 and set the top bit of buf[1]. Found in OpenSSL commit efee575ad464bfb60bf72dcb73f9b51768f4b1a1 while looking for something else. ok beck djm inoguchi --- src/lib/libcrypto/bn/bn_rand.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'src/lib/libcrypto') diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c index df798f41bc..4626960a0d 100644 --- a/src/lib/libcrypto/bn/bn_rand.c +++ b/src/lib/libcrypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.22 2018/11/06 06:49:45 tb Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.23 2020/09/12 15:24:39 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -129,6 +129,11 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) return (0); } + if (bits < 0 || (bits == 1 && top > 0)) { + BNerror(BN_R_BITS_TOO_SMALL); + return (0); + } + if (bits == 0) { BN_zero(rnd); return (1); @@ -166,8 +171,8 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { - if (top) { + if (top >= 0) { + if (top > 0) { if (bit == 0) { buf[0] = 1; buf[1] |= 0x80; -- cgit v1.2.3-55-g6feb
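Review bot: The `bits == 0` branch that follows the new guard still returns success with a zero value even when the caller asked for set bits through `top` or `bottom`, so the range check covers `bits == 1 && top > 0` but not this neighbouring case. If that leniency is not intended, the zero case can be rejected the same way, e.g. `if (bits == 0 && (top >= 0 || bottom != 0)) { BNerror(BN_R_BITS_TOO_SMALL); return (0); }`; if it is intended, a comment on the branch should say so. The new check would also benefit from a one-line comment such as `/* top > 0 sets the two most significant bits, so at least 2 bits are needed */`, because the write it protects sits about forty lines further down. bnrand's body starts and ends outside this hunk.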
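Review bot: The `buf[1] |= 0x80;` write in the `bit == 0` branch is in bounds only because of the `bits == 1 && top > 0` rejection added near the top of the function, and nothing at the write site records that dependency. A comment on that line, for instance `/* bits > 1 here (checked on entry), so buf has at least two bytes */`, would keep a later edit to the early check from silently reopening the out-of-bounds write; the computation of `bit` and the allocation of `buf` are outside the hunk, so the exact invariant should be confirmed there. Separately, `top >= 0` now treats every negative `top` as "leave the top bits alone", where `top != -1` previously sent a value such as -2 into the `if (top)` branch. If callers are expected to pass only -1, 0 or 1, that is worth stating in the function's comment.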