1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
|
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 7 Jul 2017 15:12:00 +0900
Subject: CVE-2017-7526: mpi: Minor fix for mpi_pow.
* mpi/mpi-pow.c (mpi_powm): Fix allocation size.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 554ded4854758bf6ca268432fa087f946932a409)
---
mpi/mpi-pow.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index acddca9..0078b84 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -162,7 +162,7 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
{
mpi_size_t i;
- mpi_ptr_t xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec );
+ mpi_ptr_t xp = xp_marker = mpi_alloc_limb_space( size, msec );
int c;
mpi_limb_t e;
mpi_limb_t carry_limb;
@@ -499,7 +499,7 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod)
struct karatsuba_ctx karactx;
mpi_ptr_t tp;
- xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec );
+ xp = xp_marker = mpi_alloc_limb_space( size, msec );
memset( &karactx, 0, sizeof karactx );
negative_result = (ep[0] & 1) && bsign;
|