mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-10-24 20:10:17 +08:00
Fix NULL+0 in addition 0 + 0
Fix undefined behavior (typically harmless in practice) of mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when both operands are 0 and the left operand is represented with 0 limbs. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
4
ChangeLog.d/mpi-add-0-ub.txt
Normal file
4
ChangeLog.d/mpi-add-0-ub.txt
Normal file
@@ -0,0 +1,4 @@
|
||||
Bugfix
|
||||
* Fix undefined behavior (typically harmless in practice) of
|
||||
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int()
|
||||
when both operands are 0 and the left operand is represented with 0 limbs.
|
@@ -1130,6 +1130,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
||||
if( B->p[j - 1] != 0 )
|
||||
break;
|
||||
|
||||
/* Exit early to avoid undefined behavior on NULL+0 when X->n == 0
|
||||
* and B is 0 (of any size). */
|
||||
if( j == 0 )
|
||||
return( 0 );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
|
||||
|
||||
o = B->p; p = X->p; c = 0;
|
||||
|
Reference in New Issue
Block a user