File openssl-CVE-2016-6303.patch of Package compat-openssl098.14113

commit 2b4029e68fd7002d2307e6c3cde0f3784eef9c83
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Fri Aug 19 23:28:29 2016 +0100

    Avoid overflow in MDC2_Update()
    
    Thanks to Shi Lei for reporting this issue.
    
    CVE-2016-6303
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)

Index: openssl-0.9.8j/crypto/mdc2/mdc2dgst.c
===================================================================
--- openssl-0.9.8j.orig/crypto/mdc2/mdc2dgst.c	2008-09-16 12:47:25.000000000 +0200
+++ openssl-0.9.8j/crypto/mdc2/mdc2dgst.c	2016-09-22 17:55:22.678698357 +0200
@@ -96,7 +96,7 @@ int MDC2_Update(MDC2_CTX *c, const unsig
 	i=c->num;
 	if (i != 0)
 		{
-		if (i+len < MDC2_BLOCK)
+		if (len < MDC2_BLOCK - i)
 			{
 			/* partial block */
 			memcpy(&(c->data[i]),in,len);
openSUSE Build Service is sponsored by