c56353071d
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>