[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Sun May 22 10:10:09 UTC 2016
The branch master has been updated
via 1544583bbc2b60f1a4f456ca591495c215e661c2 (commit)
via acc600928dfddebb6f0dc5a44dee35339e8820fb (commit)
from 169a8e391e2956687e9f148719687a5ff6ffaa39 (commit)
- Log -----------------------------------------------------------------
commit 1544583bbc2b60f1a4f456ca591495c215e661c2
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat May 21 16:53:14 2016 +0200
Avoid creating an illegal pointer
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #1106
commit acc600928dfddebb6f0dc5a44dee35339e8820fb
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat May 21 16:32:15 2016 +0200
Avoid creating an illegal pointer
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #1106
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_div.c | 6 +++++-
crypto/bn/bn_lib.c | 6 ++++--
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index a456ce8..eef1b87 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -278,6 +278,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
res->top--;
}
+ /* Increase the resp pointer so that we never create an invalid pointer. */
+ resp++;
+
/*
* if res->top == 0 then clear the neg value otherwise decrease the resp
* pointer
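Review bot: the comment on the added `resp++` says why the pointer is raised but not where it comes back down, and the existing comment directly below ("otherwise decrease the resp pointer") now reads as if it simply undoes this increment. I would extend the new comment to say that resp is kept one word above the next slot to be written and is decremented immediately before `*resp = q` in the loop. It is also worth stating that the incremented pointer is at most one past the end of the res->d allocation, since that is the property that makes the increment itself valid.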
@@ -287,7 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
else
resp--;
- for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+ for (i = 0; i < loop - 1; i++, wnump--) {
BN_ULONG q, l0;
/*
* the first part of the loop uses the top two words of snum and sdiv
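Review bot: with `resp--` dropped from the for header, the loop no longer shows that resp moves once per iteration; the decrement now sits roughly a hundred lines further down, just before the store. Please add a one-line comment at the header pointing to it, and confirm that no path in the body reaches the next iteration without passing that decrement, otherwise resp and wnump fall out of step. Separately, the `else resp--;` context just above now cancels the `resp++` added in the previous hunk, so incrementing only in the res->top == 0 branch would express the same thing with one pointer adjustment instead of two.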
@@ -393,6 +396,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
(*wnump)++;
}
/* store part of the result */
+ resp--;
*resp = q;
}
bn_correct_top(snum);
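Review bot: the added `resp--` lands between the "store part of the result" comment and the store it describes, so the comment now sits over the decrement. Either move the decrement above the comment or fold the two into `*--resp = q;` so the pre-decrement store reads as one step. Note also that on loop exit resp now points at the last word written rather than one below it; that is the intent of the change, but any code after the loop that reads resp should be checked against the new position.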
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 7c43402..ccdefb3 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -1022,9 +1022,11 @@ void bn_correct_top(BIGNUM *a)
int tmp_top = a->top;
if (tmp_top > 0) {
- for (ftl = &(a->d[tmp_top - 1]); tmp_top > 0; tmp_top--)
- if (*(ftl--))
+ for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+ ftl--;
+ if (*ftl != 0)
break;
+ }
a->top = tmp_top;
}
bn_pollute(a);
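Review bot: the rewritten loop in bn_correct_top has no comment explaining why ftl now starts at `&(a->d[tmp_top])` and is decremented before the read, unlike the bn_div.c change, so a later cleanup could easily restore the post-decrement form that steps below a->d[0] when every word is zero. Add a short comment, or drop the pointer and index directly: `for (; tmp_top > 0; tmp_top--)` with `if (a->d[tmp_top - 1] != 0) break;`, which never forms an out-of-range pointer. If the pointer form stays, it relies on a->top never exceeding a->dmax so that `&(a->d[tmp_top])` is at most one past the end; that assumption deserves a mention here.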