From 80b105717eaccb493391330a0a812be0af2a40e7 Mon Sep 17 00:00:00 2001
From: simon
Date: Fri, 2 Mar 2001 10:29:23 +0000
Subject: [PATCH] A fix in modmul: don't segfault or fill the result with rubbish if the unreduced product is shorter than the modulus.
git-svn-id: svn://svn.tartarus.org/sgt/putty@965 cda61777-01e9-0310-a592-d414129be87e
---
 sshbn.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/sshbn.c b/sshbn.c
index aea5a82b..587fc8f3 100644
--- a/sshbn.c
+++ b/sshbn.c
@@ -289,7 +289,7 @@ Bignum modmul(Bignum p, Bignum q, Bignum mod)
 {
 unsigned short *a, *n, *m, *o;
 int mshift;
- int pqlen, mlen, i, j;
+ int pqlen, mlen, rlen, i, j;
 Bignum result;
 /* Allocate m of size mlen, copy mod to m */
@@ -339,9 +339,10 @@ Bignum modmul(Bignum p, Bignum q, Bignum mod)
 }
 /* Copy result to buffer */
- result = newbn(mod[0]);
- for (i = 0; i < mlen; i++)
- result[result[0] - i] = a[i+2*pqlen-mlen];
+ rlen = (mlen < pqlen*2 ? mlen : pqlen*2);
+ result = newbn(rlen);
+ for (i = 0; i < rlen; i++)
+ result[result[0] - i] = a[i+2*pqlen-rlen];
 while (result[0] > 1 && result[result[0]] == 0) result[0]--;
 /* Free temporary arrays */
--
2.11.0
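Review bot: The clamp `rlen = (mlen < pqlen*2 ? mlen : pqlen*2);` in the second hunk has no comment, yet it is the only thing keeping the index `i+2*pqlen-rlen` from going negative and reading before the start of `a`. A comment above it would record that, for example `/* a appears to hold 2*pqlen words; copy at most that many so the index below cannot go negative */`. The reduction step between the two hunks is not shown and modmul's body extends beyond both, so it is worth confirming that the reduction also tolerates `2*pqlen < mlen` rather than relying on this copy alone. Because this lives in sshbn.c and presumably backs the SSH public-key arithmetic, a regression test with single-word `p` and `q` against a multi-word modulus would pin the short-product case.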