Fix overflow check in BN_bn2dec()

Fix an off by one error in the overflow check added by 07bed46f332fc ("Check for errors in BN_bn2dec()"). Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 099e2968ed3c7d256cda048995626664082b1b30)
author: Kazuki Yamaguchi <k@rhe.jp> 2016-08-22 02:36:36 +0900
committer: Matt Caswell <matt@openssl.org> 2016-08-22 17:10:59 +0100
commit: 3612ff6fcec0e3d1f2a598135fe12177c0419582 (patch)
tree: 954f84a48727360b367e7b48888779e04a1bedec
parent: cfd40fd39e69f5e3c654ae8fbf9acb1d2a051144 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index b44403ecfd..a9ff271b9a 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a)
         if (BN_is_negative(t))
             *p++ = '-';
 
-        i = 0;
         while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
             *lp = BN_div_word(t, BN_DEC_CONV);
             if (*lp == (BN_ULONG)-1)
                 goto err;
             lp++;
-            if (lp - bn_data >= bn_data_num)
-                goto err;
         }
         lp--;
         /*
author	Kazuki Yamaguchi <k@rhe.jp>	2016-08-22 02:36:36 +0900
committer	Matt Caswell <matt@openssl.org>	2016-08-22 17:10:59 +0100
commit	3612ff6fcec0e3d1f2a598135fe12177c0419582 (patch)
tree	954f84a48727360b367e7b48888779e04a1bedec
parent	cfd40fd39e69f5e3c654ae8fbf9acb1d2a051144 (diff)