Package: gnupg / 1.4.18-7+deb8u5

0007-mpi-Improve-mpi_invm-to-detect-bad-input.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
From cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 11 Sep 2014 17:06:16 +0200
Subject: [PATCH 07/20] mpi: Improve mpi_invm to detect bad input.

* mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.
--

Without this patch the function may enter an endless loop.  This is a
backport from libgcrypt.

GnuPG-bug-id: 1713
---
 mpi/mpi-inv.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mpi/mpi-inv.c b/mpi/mpi-inv.c
index b762630..361c57e 100644
--- a/mpi/mpi-inv.c
+++ b/mpi/mpi-inv.c
@@ -165,6 +165,11 @@ mpi_invm( MPI x, MPI a, MPI n )
     int sign;
     int odd ;
 
+    if (!mpi_cmp_ui (a, 0))
+        return 0; /* Inverse does not exists.  */
+    if (!mpi_cmp_ui (n, 1))
+        return 0; /* Inverse does not exists.  */
+
     u = mpi_copy(a);
     v = mpi_copy(n);
 
-- 
2.1.3