[openssl-commits] [openssl] master update

Fri May 27 09:08:19 UTC 2016

The branch master has been updated
       via  5e0dc5c9992ad53d12b07eb5d12a0e23dd5be670 (commit)
       via  58c03e3b9225fe1a8e3f6b8c23c45b33e26fedb5 (commit)
      from  753be41d592e53189fc3905a2d45fd51de9aeaea (commit)


- Log -----------------------------------------------------------------
commit 5e0dc5c9992ad53d12b07eb5d12a0e23dd5be670
Author: huangqinjin <huangqinjin at gmail.com>
Date:   Wed May 18 18:07:10 2016 +0800

    Update the documentation of BN_hex2bn()
    
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 58c03e3b9225fe1a8e3f6b8c23c45b33e26fedb5
Author: huangqinjin <huangqinjin at gmail.com>
Date:   Sat May 7 00:50:22 2016 +0800

    fix BN_hex2bn()/BN_dec2bn() memory leak
    
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_print.c     |  4 ++--
 doc/crypto/BN_bn2bin.pod | 16 +++++++++-------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 8d06405..78589db 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -139,7 +139,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
         continue;
 
-    if (i > INT_MAX/4)
+    if (i == 0 || i > INT_MAX/4)
         goto err;
 
     num = i + neg;
@@ -209,7 +209,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
         continue;
 
-    if (i > INT_MAX/4)
+    if (i == 0 || i > INT_MAX/4)
         goto err;
 
     num = i + neg;
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
index b229da7..8098fd9 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ b/doc/crypto/BN_bn2bin.pod
@@ -51,11 +51,12 @@ hexadecimal and decimal encoding of B<a> respectively. For negative
 numbers, the string is prefaced with a leading '-'. The string must be
 freed later using OPENSSL_free().
 
-BN_hex2bn() converts the string B<str> containing a hexadecimal number
-to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
-B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
-length in hexadecimal digits. If the string starts with '-', the
-number is negative. BN_dec2bn() is the same using the decimal system.
+BN_hex2bn()takes as many characters as possible from the string B<str>,
+including the leading character '-' which means negative, to form a valid
+hexadecimal number representation and converts them to a B<BIGNUM> and
+stores it in **B<bn>. If *B<bn> is NULL, a new B<BIGNUM> is created. If
+B<bn> is NULL, it only computes the length of valid representation.
+BN_dec2bn() is the same using the decimal system.
 
 BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
 with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
@@ -84,8 +85,9 @@ BN_bn2binpad() returns the number of bytes written or -1 if the supplied
 buffer is too small.
 
 BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
-on error. BN_hex2bn() and BN_dec2bn() return the number's length in
-hexadecimal or decimal digits, and 0 on error.
+on error. BN_hex2bn() and BN_dec2bn() return the the length of valid
+representation in hexadecimal or decimal digits, and 0 on error, in which
+case no new B<BIGNUM> will be created.
 
 BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
 
