File openssl-CVE-2016-0797.patch of Package openssl

Index: openssl-1.0.1i/crypto/bn/bn_print.c
===================================================================
--- openssl-1.0.1i.orig/crypto/bn/bn_print.c	2014-07-22 21:41:23.000000000 +0200
+++ openssl-1.0.1i/crypto/bn/bn_print.c	2016-02-24 22:09:06.146184510 +0100
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include <ctype.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
@@ -180,10 +181,12 @@
 
 	if (*a == '-') { neg=1; a++; }
 
-	for (i=0; isxdigit((unsigned char) a[i]); i++)
-		;
+    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++);
+    if (i > INT_MAX/4)
+        goto err;
+
+    num = i + neg;
 
-	num=i+neg;
 	if (bn == NULL) return(num);
 
 	/* a is the start of the hex digits, and it is 'i' long */
@@ -197,7 +200,7 @@
 		BN_zero(ret);
 		}
 
-	/* i is the number of hex digests; */
+	/* i is the number of hex digits */
 	if (bn_expand(ret,i*4) == NULL) goto err;
 
 	j=i; /* least significant 'hex' */
@@ -244,12 +247,15 @@
 	int num;
 
 	if ((a == NULL) || (*a == '\0')) return(0);
+
 	if (*a == '-') { neg=1; a++; }
 
-	for (i=0; isdigit((unsigned char) a[i]); i++)
-		;
+    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++);
+    if (i > INT_MAX/4)
+        goto err;
+
+    num = i + neg;
 
-	num=i+neg;
 	if (bn == NULL) return(num);
 
 	/* a is the start of the digits, and it is 'i' long.
@@ -264,7 +270,7 @@
 		BN_zero(ret);
 		}
 
-	/* i is the number of digests, a bit of an over expand; */
+	/* i is the number of digits, a bit of an over expand */
 	if (bn_expand(ret,i*4) == NULL) goto err;
 
 	j=BN_DEC_NUM-(i%BN_DEC_NUM);
Index: openssl-1.0.1i/crypto/bn/bn.h
===================================================================
--- openssl-1.0.1i.orig/crypto/bn/bn.h	2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/crypto/bn/bn.h	2016-02-24 22:10:22.862770519 +0100
@@ -131,6 +131,7 @@
 #endif
 #include <openssl/ossl_typ.h>
 #include <openssl/crypto.h>
+#include <limits.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -696,8 +697,16 @@
 
 /* library internal functions */
 
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-	(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+#define bn_expand(a,bits) \
+    ( \
+        bits > (INT_MAX - BN_BITS2 + 1) ? \
+            NULL \
+        : \
+            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
+                (a) \
+            : \
+                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
+    )
 #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 #ifndef OPENSSL_NO_DEPRECATED