summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiels Möller <nisse@lysator.liu.se>2014-09-17 21:51:46 +0200
committerNiels Möller <nisse@lysator.liu.se>2014-09-17 21:51:46 +0200
commit2b552abd4edc775de854014c7b0135902ca2ecd3 (patch)
treed0c478871bb30f76fae196e89266eaadd696e150
parentc9879bcbb24216586b35b9a0b2f59737970cb602 (diff)
downloadnettle-2b552abd4edc775de854014c7b0135902ca2ecd3.tar.gz
Fixed mpn_get_base256_le buffer overwrite.
-rw-r--r--ChangeLog4
-rw-r--r--gmp-glue.c1
2 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 01f6cab7..cb3edea5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2014-09-17 Niels Möller <nisse@lysator.liu.se>
+ * gmp-glue.c (mpn_get_base256_le): Fixed missing update of rn
+ counter, making the function clear some bytes beyond the end of
+ the output buffer. The bug triggered a make check failure on ARM.
+
* testsuite/testutils.c (ecc_curves): Include curve25519 in list.
(test_ecc_mul_a): Include reference points for curve25519 (with
Edwards coordinates). Allow n == 0 and n == 1, comparing to zero
diff --git a/gmp-glue.c b/gmp-glue.c
index 5de167eb..f9a5e358 100644
--- a/gmp-glue.c
+++ b/gmp-glue.c
@@ -293,6 +293,7 @@ mpn_get_base256_le (uint8_t *rp, size_t rn,
in = *xp++;
xn--;
*rp++ = old | (in << bits);
+ rn--;
in >>= (8 - bits);
bits += GMP_NUMB_BITS - 8;
}