Check for 0 modulus in BN_MONT_CTX_set

The function BN_MONT_CTX_set was assuming that the modulus was non-zero and therefore that |mod->top| > 0. In an error situation that may not be the case and could cause a seg fault. This is a follow on from CVE-2015-1794. Reviewed-by: N Richard Levitte <levitte@openssl.org>

Check for 0 modulus in BN_MONT_CTX_set
The function BN_MONT_CTX_set was assuming that the modulus was non-zero and therefore that |mod->top| > 0. In an error situation that may not be the case and could cause a seg fault. This is a follow on from CVE-2015-1794. Reviewed-by: N Richard Levitte <levitte@openssl.org>
6a009812 · Matt Caswell · 61e72d76 · 6a009812
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

crypto/bn/bn_mont.c crypto/bn/bn_mont.c +3 -0

未找到文件。
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -351,6 +351,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
    int ret = 0;
    BIGNUM *Ri, *R;

+    if (BN_is_zero(mod))
+        return 0;
+
    BN_CTX_start(ctx);
    if ((Ri = BN_CTX_get(ctx)) == NULL)
        goto err;