FPII-2846 :Remote code execution vulnerability in OpenSSL & BoringSSL CVE-2016-2182 A-32096880
CVE-2016-2182 BN_bn2dec overflow fix
This is a combination of two patches from the OpenSSL repository:
07bed46f332fce8c1d157689a2cdf915a982ae34
099e2968ed3c7d256cda048995626664082b1b30
Here are the original patch descriptions:
-----
commit 07bed46f332fce8c1d157689a2cdf915a982ae34
author Dr. Stephen Henson <steve@openssl.org>
Fri, 5 Aug 2016 05:26:03 -0800 (14:26 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 15 Aug 2016 15:19:19 -0800 (00:19 +0100)
If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.
Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.
Thanks to Shi Lei for reporting this bug.
CVE-2016-2182
-----
commit 099e2968ed3c7d256cda048995626664082b1b30
author Kazuki Yamaguchi <k@rhe.jp>
Sun, 21 Aug 2016 09:36:36 -0800 (02:36 +0900)
committer Matt Caswell <matt@openssl.org>
Mon, 22 Aug 2016 04:38:48 -0800 (13:38 +0100)
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46f332fc
("Check for errors in BN_bn2dec()").
Bug: 32096880
Change-Id: Ic08ada128ac910605b00f06658abcf3909134524
(cherry picked from commit 89c62410b6558d5ffc7c029fb7775d6e052a9ce5)
1 file changed