File openssl-CVE-2016-0797.patch of Package libopenssl0_9_8

Index: openssl-0.9.8zh/crypto/bn/bn_print.c
===================================================================
--- openssl-0.9.8zh.orig/crypto/bn/bn_print.c	2016-03-01 14:12:00.432969639 +0100
+++ openssl-0.9.8zh/crypto/bn/bn_print.c	2016-03-01 14:15:14.463143015 +0100
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include <ctype.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
@@ -189,7 +190,9 @@ int BN_hex2bn(BIGNUM **bn, const char *a
         a++;
     }
 
-    for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
+    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++);
+    if (i > INT_MAX/4)
+        goto err;
 
     num = i + neg;
     if (bn == NULL)
@@ -204,7 +207,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a
         BN_zero(ret);
     }
 
-    /* i is the number of hex digests; */
+    /* i is the number of hex digits; */
     if (bn_expand(ret, i * 4) == NULL)
         goto err;
 
@@ -260,7 +263,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a
         a++;
     }
 
-    for (i = 0; isdigit((unsigned char)a[i]); i++) ;
+    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++);
+    if (i > INT_MAX/4)
+        goto err;
 
     num = i + neg;
     if (bn == NULL)
@@ -278,7 +283,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a
         BN_zero(ret);
     }
 
-    /* i is the number of digests, a bit of an over expand; */
+    /* i is the number of digits, a bit of an over expand; */
     if (bn_expand(ret, i * 4) == NULL)
         goto err;
 
Index: openssl-0.9.8zh/crypto/bn/bn.h
===================================================================
--- openssl-0.9.8zh.orig/crypto/bn/bn.h	2016-03-01 14:12:01.388985272 +0100
+++ openssl-0.9.8zh/crypto/bn/bn.h	2016-03-01 14:21:34.848366586 +0100
@@ -77,6 +77,7 @@
 #  include <stdio.h>            /* FILE */
 # endif
 # include <openssl/ossl_typ.h>
+#include <limits.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -704,8 +705,16 @@ const BIGNUM *BN_get0_nist_prime_521(voi
 
 /* library internal functions */
 
-# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+#define bn_expand(a,bits) \
+    ( \
+        bits > (INT_MAX - BN_BITS2 + 1) ? \
+            NULL \
+        : \
+            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
+                (a) \
+            : \
+                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
+    )
 # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 # ifndef OPENSSL_NO_DEPRECATED