Avoid creating illegal pointers

Found by tis-interpreter Reviewed-by: N Rich Salz <rsalz@openssl.org> GH: #1179

Avoid creating illegal pointers
Found by tis-interpreter Reviewed-by: N Rich Salz <rsalz@openssl.org> GH: #1179
f3cf2251 · Kurt Roeckx · 0a320653 · f3cf2251
显示空白变更内容
内联并排

Showing with 7 addition and 5 deletion

crypto/bn/bn_lib.c crypto/bn/bn_lib.c +7 -5

未找到文件。
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -565,9 +565,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
    if (ret == NULL)
        return (NULL);
    bn_check_top(ret);
-    s += len - 1;
+    s += len;
    /* Skip trailing zeroes. */
-    for ( ; len > 0 && *s == 0; s--, len--)
+    for ( ; len > 0 && s[-1] == 0; s--, len--)
        continue;
    n = len;
    if (n == 0) {
@@ -584,7 +584,8 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
    ret->neg = 0;
    l = 0;
    while (n--) {
-        l = (l << 8L) | *(s--);
+        s--;
+        l = (l << 8L) | *s;
        if (m-- == 0) {
            ret->d[--i] = l;
            l = 0;
@@ -610,10 +611,11 @@ int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
    /* Add trailing zeroes if necessary */
    if (tolen > i)
        memset(to + i, 0, tolen - i);
-    to += i - 1;
+    to += i;
    while (i--) {
        l = a->d[i / BN_BYTES];
-        *(to--) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+        to--;
+        *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
    }
    return tolen;
 }