boringssl

History

David Benjamin b3a7b51f18 Fix off-by-one in BN_rand If BN_rand is called with \|bits\| set to 1 and \|top\| set to 1 then a 1 byte buffer overflow can occur. See also upstream's efee575ad464bfb60bf72dcb73f9b51768f4b1a1. But rather than making \|BN_rand\| fail, be consistent with the \|bits\| = 0 case and just don't set the bits that don't exist. Add tests to ensure the degenerate cases behave. Change-Id: I5e9fbe6fd8f7f7b2e011a680f2fbe6d7ed4dab65 Reviewed-on: https://boringssl-review.googlesource.com/4893 Reviewed-by: Adam Langley <agl@google.com>	2015-05-27 22:03:05 +00:00
..
openssl	Fix off-by-one in BN_rand	2015-05-27 22:03:05 +00:00

David Benjamin b3a7b51f18 Fix off-by-one in BN_rand

If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur.

See also upstream's efee575ad464bfb60bf72dcb73f9b51768f4b1a1. But rather than
making |BN_rand| fail, be consistent with the |bits| = 0 case and just don't
set the bits that don't exist. Add tests to ensure the degenerate cases behave.

Change-Id: I5e9fbe6fd8f7f7b2e011a680f2fbe6d7ed4dab65
Reviewed-on: https://boringssl-review.googlesource.com/4893
Reviewed-by: Adam Langley <agl@google.com>

2015-05-27 22:03:05 +00:00

openssl

Fix off-by-one in BN_rand

2015-05-27 22:03:05 +00:00