bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.

CVE-2015-1788 Reviewed-by: N Matt Caswell <matt@openssl.org>

bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
CVE-2015-1788 Reviewed-by: N Matt Caswell <matt@openssl.org>
4924b37e · Andy Polyakov · 59302b60 · 4924b37e
隐藏空白更改
内联并排

Showing with 10 addition and 5 deletion

crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c +10 -5

未找到文件。
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -691,9 +691,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
    }
 # else
    {
-        int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
-                                                                * of p */
-            top = p->top;
+        int i;
+        int ubits = BN_num_bits(u);
+        int vbits = BN_num_bits(v); /* v is copy of p */
+        int top = p->top;
        BN_ULONG *udp, *bdp, *vdp, *cdp;

        bn_wexpand(u, top);
@@ -737,8 +738,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                ubits--;
            }

-            if (ubits <= BN_BITS2 && udp[0] == 1)
-                break;
+            if (ubits <= BN_BITS2) {
+                if (udp[0] == 0) /* poly was reducible */
+                    goto err;
+                if (udp[0] == 1)
+                    break;
+            }

            if (ubits < vbits) {
                i = ubits;