[openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-109-ga43bcd9

Emilia Kasper emilia at openssl.org
Wed Dec 17 09:03:17 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, OpenSSL_1_0_2-stable has been updated
       via  a43bcd9e96c5180e5c6c82164ece643c0097485e (commit)
      from  c8667a2e462c3e9e2c4fe1dc170b9b157d9ba938 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a43bcd9e96c5180e5c6c82164ece643c0097485e
Author: Emilia Kasper <emilia at openssl.org>
Date:   Mon Dec 15 14:52:22 2014 +0100

    Check for invalid divisors in BN_div.
    
    Invalid zero-padding in the divisor could cause a division by 0.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_div.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 7b24031..0ec90e8 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -189,15 +189,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	int no_branch=0;
 
 	/* Invalid zero-padding would have particularly bad consequences
-	 * in the case of 'num', so don't just rely on bn_check_top() for this one
+	 * so don't just rely on bn_check_top() here
 	 * (bn_check_top() works only for BN_DEBUG builds) */
-	if (num->top > 0 && num->d[num->top - 1] == 0)
+	if ((num->top > 0 && num->d[num->top - 1] == 0) ||
+		(divisor->top > 0 && divisor->d[divisor->top - 1] == 0))
 		{
 		BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
 		return 0;
 		}
 
 	bn_check_top(num);
+	bn_check_top(divisor);
 
 	if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
 		{
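Review bot: The rewritten comment above the new condition now says only that invalid zero-padding "would have particularly bad consequences", without naming the consequence or the operands it covers. The commit message is more informative ("Invalid zero-padding in the divisor could cause a division by 0"), so the comment should say that a zero top word in either 'num' or 'divisor' is rejected here, and that for the divisor the risk is a division by 0. The padded-divisor case also reports BN_R_NOT_INITIALIZED, the same reason used for 'num', which may mislead a caller that passed an initialized but badly padded value; if a new reason code is not wanted on a stable branch, a short remark in the comment would help. The summary lists only crypto/bn/bn_div.c as changed, so a regression test that passes a divisor whose top word is 0 and expects BN_div to return 0 would be worth adding with this fix.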
@@ -207,7 +209,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	bn_check_top(dv);
 	bn_check_top(rm);
 	/* bn_check_top(num); */ /* 'num' has been checked already */
-	bn_check_top(divisor);
+	/* bn_check_top(divisor); */ /* 'divisor' has been checked already */
 
 	if (BN_is_zero(divisor))
 		{
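Review bot: The replacement line leaves a second commented-out call, /* bn_check_top(divisor); */, as dead code directly under the existing commented-out 'num' call. Deleting both and keeping one short comment such as "'num' and 'divisor' were checked on entry" would be cleaner. Since the commit message says a padded divisor could cause a division by 0, that comment could also note that the BN_is_zero(divisor) guard that follows depends on the explicit top-word check added at the start of the function, because bn_check_top() is documented there as working only in BN_DEBUG builds.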


hooks/post-receive
-- 
OpenSSL source code

