From: Kan <chenxinpingc2306@163.com>
Date: Thu, 16 Dec 2021 16:35:32 +0000 (+0800)
Subject: Add static check in BN_hex2bn
X-Git-Tag: openssl-3.2.0-alpha1~3168
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c78bd4be810ddceb8f13585a921946cc98f5fbd;p=thirdparty%2Fopenssl.git

Add static check in BN_hex2bn

Fixes #17298

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17299)
---

diff --git a/crypto/bn/bn_conv.c b/crypto/bn/bn_conv.c
index 6757f3d0aae..75054f5d6a6 100644
--- a/crypto/bn/bn_conv.c
+++ b/crypto/bn/bn_conv.c
@@ -154,6 +154,10 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
             return 0;
     } else {
         ret = *bn;
+        if (BN_get_flags(ret, BN_FLG_STATIC_DATA)) {
+            ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
+            return 0;
+        }
         BN_zero(ret);
     }