Merge pull request #648 from the-Chain-Warden-thresh/master

Fix some unpatched CVEs in OpensslLib
CloverHackyColor · Nov 9, 2023 · 2d5f73c · 2d5f73c
2 parents 2289e2e + 7b65b0b
commit 2d5f73c
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 6 deletions.
diff --git a/Library/OpensslLib/openssl-1.0.1e/crypto/evp/encode.c b/Library/OpensslLib/openssl-1.0.1e/crypto/evp/encode.c
@@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 	*outl=0;
 	if (inl == 0) return;
 	OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-	if ((ctx->num+inl) < ctx->length)
+	if (ctx->length - ctx->num > inl)
 		{
 		memcpy(&(ctx->enc_data[ctx->num]),in,inl);
 		ctx->num+=inl;

diff --git a/Library/OpensslLib/openssl-1.0.1e/crypto/evp/evp_enc.c b/Library/OpensslLib/openssl-1.0.1e/crypto/evp/evp_enc.c
@@ -343,7 +343,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 	OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
 	if (i != 0)
 		{
-		if (i+inl < bl)
+		if (bl - i > inl)
 			{
 			memcpy(&(ctx->buf[i]),in,inl);
 			ctx->buf_len+=inl;

diff --git a/Library/OpensslLib/openssl-1.0.1e/crypto/mdc2/mdc2dgst.c b/Library/OpensslLib/openssl-1.0.1e/crypto/mdc2/mdc2dgst.c
@@ -92,7 +92,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
 	i=c->num;
 	if (i != 0)
 		{
-		if (i+len < MDC2_BLOCK)
+		if (len < MDC2_BLOCK - i)
 			{
 			/* partial block */
 			memcpy(&(c->data[i]),in,len);

diff --git a/Library/OpensslLib/openssl-1.0.1e/crypto/ts/ts_lib.c b/Library/OpensslLib/openssl-1.0.1e/crypto/ts/ts_lib.c
@@ -90,9 +90,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
 	{
 	char obj_txt[128];
 
-	int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-	BIO_write(bio, obj_txt, len);
-	BIO_write(bio, "\n", 1);
+	OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+    BIO_printf(bio, "%s\n", obj_txt);
 
 	return 1;
 	}