don't write beyond buffer
authorBodo Möller <bodo@openssl.org>
Tue, 27 Aug 2002 13:32:35 +0000 (13:32 +0000)
committerBodo Möller <bodo@openssl.org>
Tue, 27 Aug 2002 13:32:35 +0000 (13:32 +0000)
Submitted by: Nils Larsch

crypto/bn/bn_gf2m.c

index 8bd17e0..dea1fd3 100644 (file)
@@ -370,12 +370,16 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
 
                for (k = 1; p[k] > 0; k++)
                        {
+                       BN_ULONG tmp_ulong;
+
                        /* reducing component t^p[k]*/
                        n = p[k] / BN_BITS2;   
                        d0 = p[k] % BN_BITS2;
                        d1 = BN_BITS2 - d0;
                        z[n] ^= (zz << d0);
-                       if (d0) z[n+1] ^= (zz >> d1);
+                       tmp_ulong = zz >> d1;
+                        if (d0 && tmp_ulong)
+                                z[n+1] ^= tmp_ulong;
                        }