cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-10 07:36:28 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7001 from ucko/2023a-bignum-2.28

Browse Source 
[Backport 2.28] mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
This commit is contained in:
Gilles Peskine 2023-02-01 11:36:28 +01:00 committed by GitHub
commit 45379cbe6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt Normal file
View File

@ -0,0 +1,4 @@
Bugfix
* Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by
Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
Aaron Ucko under Valgrind.

2
library/bignum.c
View File

@ -1280,7 +1280,7 @@ int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
/* Set the high limbs of X to match A. Don't touch the lower limbs /* Set the high limbs of X to match A. Don't touch the lower limbs
* because X might be aliased to B, and we must not overwrite the * because X might be aliased to B, and we must not overwrite the
* significant digits of B. */ * significant digits of B. */
if (A->n > n) { if (A->n > n && A != X) {
memcpy(X->p + n, A->p + n, (A->n - n) * ciL); memcpy(X->p + n, A->p + n, (A->n - n) * ciL);
} }
if (X->n > A->n) { if (X->n > A->n) {