Skip to content

Commit beba892

Browse files
committed
Fix possible integer overflow
1 parent 6ca6898 commit beba892

8 files changed

+33
-0
lines changed

bn_mp_2expt.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
1212
{
1313
mp_err err;
1414

15+
if (b < 0) {
16+
return MP_VAL;
17+
}
18+
1519
/* zero a as per default */
1620
mp_zero(a);
1721

bn_mp_grow.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
99
int i;
1010
mp_digit *tmp;
1111

12+
if (size < 0) {
13+
return MP_VAL;
14+
}
15+
1216
/* if the alloc size is smaller alloc more ram */
1317
if (a->alloc < size) {
1418
/* reallocate the array a->dp

bn_mp_init_size.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,11 @@
66
/* init an mp_init for a given size */
77
mp_err mp_init_size(mp_int *a, int size)
88
{
9+
10+
if (size < 0) {
11+
return MP_VAL;
12+
}
13+
914
size = MP_MAX(MP_MIN_PREC, size);
1015

1116
/* alloc mem */

bn_mp_mul_2d.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
99
mp_digit d;
1010
mp_err err;
1111

12+
if (b < 0) {
13+
return MP_VAL;
14+
}
15+
1216
/* copy */
1317
if (a != c) {
1418
if ((err = mp_copy(a, c)) != MP_OKAY) {

bn_s_mp_mul_digs.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
1616
mp_word r;
1717
mp_digit tmpx, *tmpt, *tmpy;
1818

19+
if (digs < 0) {
20+
return MP_VAL;
21+
}
22+
1923
/* can we use the fast multiplier? */
2024
if ((digs < MP_WARRAY) &&
2125
(MP_MIN(a->used, b->used) < MP_MAXFAST)) {

bn_s_mp_mul_digs_fast.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs)
2626
mp_digit W[MP_WARRAY];
2727
mp_word _W;
2828

29+
if (digs < 0) {
30+
return MP_VAL;
31+
}
32+
2933
/* grow the destination as required */
3034
if (c->alloc < digs) {
3135
if ((err = mp_grow(c, digs)) != MP_OKAY) {

bn_s_mp_mul_high_digs.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
1515
mp_word r;
1616
mp_digit tmpx, *tmpt, *tmpy;
1717

18+
if (digs < 0) {
19+
return MP_VAL;
20+
}
21+
1822
/* can we use the fast multiplier? */
1923
if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
2024
&& ((a->used + b->used + 1) < MP_WARRAY)

bn_s_mp_mul_high_digs_fast.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int
1919
mp_digit W[MP_WARRAY];
2020
mp_word _W;
2121

22+
if (digs < 0) {
23+
return MP_VAL;
24+
}
25+
2226
/* grow the destination as required */
2327
pa = a->used + b->used;
2428
if (c->alloc < pa) {

0 commit comments

Comments
 (0)