From 5bea7975a6b8b83cce938618a9fcaaa248c10712 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 29 Apr 2015 09:58:10 +0100 Subject: [PATCH] Add sanity check to print_bin function Add a sanity check to the print_bin function to ensure that the |off| argument is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov (cherry picked from commit 3deeeeb61b0c5b9b5f0993a67b7967d2f85186da) --- crypto/ec/eck_prn.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 515b262387..df9b37a750 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -346,12 +346,14 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf, if (buf == NULL) return 1; - if (off) { + if (off > 0) { if (off > 128) off = 128; memset(str, ' ', off); if (BIO_write(fp, str, off) <= 0) return 0; + } else { + off = 0; } if (BIO_printf(fp, "%s", name) <= 0) -- 2.25.1