File openssl-CVE-2016-6303.patch of Package openssl.11276

commit 2b4029e68fd7002d2307e6c3cde0f3784eef9c83
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Fri Aug 19 23:28:29 2016 +0100

    Avoid overflow in MDC2_Update()
    
    Thanks to Shi Lei for reporting this issue.
    
    CVE-2016-6303
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)

Index: openssl-1.0.1i/crypto/mdc2/mdc2dgst.c
===================================================================
--- openssl-1.0.1i.orig/crypto/mdc2/mdc2dgst.c	2016-08-25 11:36:31.881125433 +0200
+++ openssl-1.0.1i/crypto/mdc2/mdc2dgst.c	2016-08-25 11:37:27.478005330 +0200
@@ -92,7 +92,7 @@ int MDC2_Update(MDC2_CTX *c, const unsig
 	i=c->num;
 	if (i != 0)
 		{
-		if (i+len < MDC2_BLOCK)
+		if (len < MDC2_BLOCK - i)
 			{
 			/* partial block */
 			memcpy(&(c->data[i]),in,len);
openSUSE Build Service is sponsored by