authorjulien.pierre.bugs%sun.com <devnull@localhost>2006-05-05 01:21:01 +0000
committerjulien.pierre.bugs%sun.com <devnull@localhost>2006-05-05 01:21:01 +0000
commit77b552e2fcffd652255b3588c485a8d80022ffaf (patch)
tree9aeb006749241af864bff770b90dfff8f88392b5
parent52d6ab62b4b0d71e86799eb8332aba5f828f0939 (diff)
downloadnss-hg-NSS_3_11_1_RTM.tar.gz
Fix for bug 336335. Plug leak of a temporary bignum in modular exponentiation. r=wtchang NSS_3_11_1_RTM
-rw-r--r--security/nss/lib/freebl/mpi/mpmontg.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c
index cfccf7a27..312e0d089 100644
--- a/security/nss/lib/freebl/mpi/mpmontg.c
+++ b/security/nss/lib/freebl/mpi/mpmontg.c
@@ -921,6 +921,14 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase,
unsigned char *powersArray;
unsigned char *powers;
+ MP_DIGITS(&accum1) = 0;
+ MP_DIGITS(&accum2) = 0;
+ MP_DIGITS(&accum[0]) = 0;
+ MP_DIGITS(&accum[1]) = 0;
+ MP_DIGITS(&accum[2]) = 0;
+ MP_DIGITS(&accum[3]) = 0;
+ MP_DIGITS(&tmp) = 0;
+
powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1));
if (powersArray == NULL) {
res = MP_MEM;
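Review bot: The `MP_DIGITS(...) = 0` block added ahead of the `malloc` has no comment saying why it has to come first, so a later edit could move it back below a failure point. The allocation-failure branch visible here sets `res = MP_MEM` and presumably jumps to CLEANUP, where `mp_clear` runs on these same temporaries, so each one needs a null digits pointer before the first early exit. I would add `/* zero the digit pointers before anything can fail, so CLEANUP may mp_clear() every temporary */` above the block. The body of mp_exptmod_safe_i starts and ends outside this hunk.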
@@ -930,13 +938,6 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase,
/* powers[i] = base ** (i); */
powers = (unsigned char *)MP_ALIGN(powersArray,num_powers);
- MP_DIGITS(&accum1) = 0;
- MP_DIGITS(&accum2) = 0;
- MP_DIGITS(&accum[0]) = 0;
- MP_DIGITS(&accum[1]) = 0;
- MP_DIGITS(&accum[2]) = 0;
- MP_DIGITS(&accum[3]) = 0;
-
/* grab the first window value. This allows us to preload accumulator1
* and save a conversion, some squares and a multiple*/
MP_CHECKOK( mpl_get_bits(exponent,
@@ -945,7 +946,6 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase,
MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) );
- MP_DIGITS(&tmp) = 0;
MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) );
/* build the first WEAVE_WORD powers inline */
@@ -1070,6 +1070,7 @@ CLEANUP:
mp_clear(&accum[1]);
mp_clear(&accum[2]);
mp_clear(&accum[3]);
+ mp_clear(&tmp);
/* PORT_Memset(powers,0,num_powers*nLen*sizeof(mp_digit)); */
free(powersArray);
return res;
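Review bot: The powers table is still freed without being wiped: the `PORT_Memset` line under the new `mp_clear(&tmp)` stays commented out, so the precomputed powers of the base remain in freed heap memory. If any caller can pass a base derived from secret data, clear the buffer before `free`, guarded for the allocation-failure path where `powersArray` is NULL and `powers` is unset: `if (powersArray) memset(powersArray, 0, num_powers*(nLen*sizeof(mp_digit)+1));`. A plain `memset` right before `free` can be removed by the optimizer, so a non-elidable wipe routine is preferable if the project has one. Whether `mp_clear` itself zeroizes the digits of `tmp` and the accumulators is not visible on this page and is worth confirming. The CLEANUP block starts outside this hunk.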