bugfix: allocate sufficiently large buffer

Submitted by: Nils Larsch

bugfix: allocate sufficiently large buffer
Submitted by: Nils Larsch
d009bcbf · Bodo Möller · 4b71f63a · d009bcbf
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

crypto/ec/ec_mult.c crypto/ec/ec_mult.c +1 -1

未找到文件。
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -233,7 +233,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,

 	wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
 	wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
-	wNAF = OPENSSL_malloc(totalnum * sizeof wNAF[0] + 1);
+	wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]);
 	if (wNAF != NULL)
 		{
 		wNAF[0] = NULL; /* preliminary pivot */