diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-19 23:28:29 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-08-24 14:24:53 +0100 |
commit | 2b4029e68fd7002d2307e6c3cde0f3784eef9c83 (patch) | |
tree | 2a080a098b4e74474de7e3e8a89f197c248b4d36 /crypto/mdc2/mdc2dgst.c | |
parent | e95f5e03f6f1f8d3f6cbe4b7fa48e57b4cf8fd60 (diff) | |
download | openssl-2b4029e68fd7002d2307e6c3cde0f3784eef9c83.zip openssl-2b4029e68fd7002d2307e6c3cde0f3784eef9c83.tar.gz openssl-2b4029e68fd7002d2307e6c3cde0f3784eef9c83.tar.bz2 |
Avoid overflow in MDC2_Update()
Thanks to Shi Lei for reporting this issue.
CVE-2016-6303
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07)
Diffstat (limited to 'crypto/mdc2/mdc2dgst.c')
-rw-r--r-- | crypto/mdc2/mdc2dgst.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 6615cf8..2dce493 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) i = c->num; if (i != 0) { - if (i + len < MDC2_BLOCK) { + if (len < MDC2_BLOCK - i) { /* partial block */ memcpy(&(c->data[i]), in, len); c->num += (int)len; |