bn2bin(): Don't accept len < 0

Test included Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20033)
author: Richard Levitte <levitte@openssl.org> 2023-01-13 12:51:43 +0100
committer: Hugo Landau <hlandau@openssl.org> 2023-01-20 07:38:40 +0000
commit: c9466f38e0191aa86e0bd49267b0c4ef33e3a3d2 (patch)
tree: e9328ce9ea8e4a813a6b8401344d01b3b128c7bf /crypto/bn
parent: 15192335c8bbfb78bc02086bcd77a0d82efffbce (diff)
download: openssl-new-c9466f38e0191aa86e0bd49267b0c4ef33e3a3d2.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 9d665c26fc..ead513c7ae 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -440,6 +440,10 @@ static BIGNUM *bin2bn(const unsigned char *s, int len, BIGNUM *ret,
     unsigned int n;
     BIGNUM *bn = NULL;
 
+    /* Negative length is not acceptable */
+    if (len < 0)
+        return NULL;
+
     if (ret == NULL)
         ret = bn = BN_new();
     if (ret == NULL)
author	Richard Levitte <levitte@openssl.org>	2023-01-13 12:51:43 +0100
committer	Hugo Landau <hlandau@openssl.org>	2023-01-20 07:38:40 +0000
commit	c9466f38e0191aa86e0bd49267b0c4ef33e3a3d2 (patch)
tree	e9328ce9ea8e4a813a6b8401344d01b3b128c7bf /crypto/bn
parent	15192335c8bbfb78bc02086bcd77a0d82efffbce (diff)
download	openssl-new-c9466f38e0191aa86e0bd49267b0c4ef33e3a3d2.tar.gz