diff options
| author | tb <> | 2025-08-03 10:32:04 +0000 |
|---|---|---|
| committer | tb <> | 2025-08-03 10:32:04 +0000 |
| commit | e174a4e182177c20c0cde88525f3c84ed7c7d03a (patch) | |
| tree | 37a7baec30db3c8b5a4ff9bd2a36cf2e6b35fe9d /src | |
| parent | b4cbde9ca1f006956602ab75531a960213340b10 (diff) | |
| download | openbsd-e174a4e182177c20c0cde88525f3c84ed7c7d03a.tar.gz openbsd-e174a4e182177c20c0cde88525f3c84ed7c7d03a.tar.bz2 openbsd-e174a4e182177c20c0cde88525f3c84ed7c7d03a.zip | |
Avoid signed overflow in BN_mul()
Reported by smatch via jsg.
ok beck jsing kenjiro
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_mul.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c index bdeb9b0fe8..7ec7d43437 100644 --- a/src/lib/libcrypto/bn/bn_mul.c +++ b/src/lib/libcrypto/bn/bn_mul.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_mul.c,v 1.39 2023/07/08 12:21:58 beck Exp $ */ | 1 | /* $OpenBSD: bn_mul.c,v 1.40 2025/08/03 10:32:04 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <assert.h> | 59 | #include <assert.h> |
| 60 | #include <limits.h> | ||
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| 61 | #include <string.h> | 62 | #include <string.h> |
| 62 | 63 | ||
| @@ -338,9 +339,9 @@ BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 338 | if (rr == NULL) | 339 | if (rr == NULL) |
| 339 | goto err; | 340 | goto err; |
| 340 | 341 | ||
| 341 | rn = a->top + b->top; | 342 | if (a->top > INT_MAX - b->top) |
| 342 | if (rn < a->top) | ||
| 343 | goto err; | 343 | goto err; |
| 344 | rn = a->top + b->top; | ||
| 344 | if (!bn_wexpand(rr, rn)) | 345 | if (!bn_wexpand(rr, rn)) |
| 345 | goto err; | 346 | goto err; |
| 346 | 347 | ||