Fix off-by-one error in BN_bn2hex

A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-05-19 13:59:47 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-04 09:23:02 +0100
commit: c56353071d9849220714d8a556806703771b9269 (patch)
tree: a6ceee0dcd0cbb820ea1f29679490ef699cec6ca /crypto/bn/bn_print.c
parent: 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index b0b70b5dae..f528a36ff4 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
     char *buf;
     char *p;
 
-    buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    if (a->neg && BN_is_zero(a)) {
+        /* "-0" == 3 bytes including NULL terminator */
+        buf = OPENSSL_malloc(3);
+    } else {
+        buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    }
     if (buf == NULL) {
         BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
         goto err;
author	Matt Caswell <matt@openssl.org>	2015-05-19 13:59:47 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-04 09:23:02 +0100
commit	c56353071d9849220714d8a556806703771b9269 (patch)
tree	a6ceee0dcd0cbb820ea1f29679490ef699cec6ca /crypto/bn/bn_print.c
parent	7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 (diff)