Avoid potential overflow to the sign bit when shifting left 24 places

author Tomas Mraz <tmraz@fedoraproject.org>

Tue, 19 May 2020 08:51:53 +0000 (10:51 +0200)

committer Tomas Mraz <tmraz@fedoraproject.org>

Wed, 20 May 2020 15:31:43 +0000 (17:31 +0200)
author Tomas Mraz <tmraz@fedoraproject.org>
Tue, 19 May 2020 08:51:53 +0000 (10:51 +0200)
committer Tomas Mraz <tmraz@fedoraproject.org>
Wed, 20 May 2020 15:31:43 +0000 (17:31 +0200)
diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c

index 504cddffecdec7a43c3abefcdb52b5659c8843e9..d2be44e2bdbe4e6a5848785d6843d1f4bbd0a802 100644 (file)
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
      int neg = 0;
      BIGNUM *a = NULL;
  
-    if (n < 4) {
+    if (n < 4 || (d[0] & 0x80) != 0) {
          BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
          return NULL;
      }
author	Tomas Mraz <tmraz@fedoraproject.org>
	Tue, 19 May 2020 08:51:53 +0000 (10:51 +0200)
committer	Tomas Mraz <tmraz@fedoraproject.org>
	Wed, 20 May 2020 15:31:43 +0000 (17:31 +0200)