From 00d7c1c632019066a4884930d413ccc044d81af5 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 13 Jan 2021 10:57:22 +0900
Subject: sexp: Raise an error when an integer is negative with USG.

* src/sexp.c (do_vsexp_sscan): Return GPG_ERR_INV_ARG if negative.

--

GnuPG-bug-id: 4964
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 src/sexp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/sexp.c b/src/sexp.c
index de28aedc..864916be 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1483,6 +1483,12 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
                 }
               else
                 {
+                  if (mpifmt == GCRYMPI_FMT_USG && mpi_cmp_ui (m, 0) < 0)
+                    {
+                      err = GPG_ERR_INV_ARG;
+                      goto leave;
+                    }
+
                   err = _gcry_mpi_print (mpifmt, NULL, 0, &nm, m);
                   if (err)
                     goto leave;
-- 
cgit v1.2.1