Commit 512368c9 authored by Matt Caswell's avatar Matt Caswell
Browse files

Check for 0 modulus in BN_MONT_CTX_set 



The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent ada57746

crypto/bn/bn_mont.c

+3 −0
Original line number Diff line number Diff line
@@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) 
    int ret = 0;

    BIGNUM *Ri, *R;



    if (BN_is_zero(mod))

        return 0;



    BN_CTX_start(ctx);

    if ((Ri = BN_CTX_get(ctx)) == NULL)

        goto err;