From: Mark Wooding
Date: Mon, 29 Jul 2013 22:28:12 +0000 (+0100)
Subject: sshbn.c (modmul): Prevent buffer underrun.
X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/commitdiff_plain/aca5132bdf53bf0d7983c09b3b95c8bbec559580?ds=sidebyside;hp=aca5132bdf53bf0d7983c09b3b95c8bbec559580

sshbn.c (modmul): Prevent buffer underrun.

In `modmul', if

  * the topmost bit of mod is clear, so mshift is nonzero; and

  * both p and q are no more than half as long as mod, so
    2*pqlen <= mlen

then we run this code:

    if (mshift) {
        for (i = 2 * pqlen - mlen - 1; i < 2 * pqlen - 1; i++)
            a[i] = (a[i] << mshift) | (a[i + 1] >> (BIGNUM_INT_BITS - mshift));

But then mlen + 1 > 2*pqlen and therefore i is initially negative -- and
therefore certainly less than 2*pqlen.  So the initial access to a[] is
illegal.

Signed-off-by: Mark Wooding
---
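
The condition described in the commit message, as an added C example that is not code from the commit or from PuTTY: it walks the quoted loop's index range with bounds checks instead of touching memory outside the array. The 16-bit limb type, the 2*pqlen-limb size of a[], the helper names and the `widen_pqlen` guard are assumptions for illustration; the commit's actual change is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned short BignumInt;   /* assumption: 16-bit limbs */
#define BIGNUM_INT_BITS 16
#define MAX_LIMBS 64                /* constructed cap for this demo buffer */

/* First index the quoted shift loop touches. */
static int first_shift_index(int pqlen, int mlen)
{
    return 2 * pqlen - mlen - 1;
}

/* Hypothetical guard (not taken from the commit): make 2*pqlen > mlen. */
static int widen_pqlen(int pqlen, int mlen)
{
    return (2 * pqlen <= mlen) ? mlen / 2 + 1 : pqlen;
}

/* Run the quoted loop over a 2*pqlen-limb a[] (assumed size), skipping and
 * counting every iteration whose a[i] or a[i+1] lies outside the array.
 * Returns that count, or -1 if the sizes do not fit the demo buffer. */
static int underrun_count(int pqlen, int mlen, int mshift)
{
    BignumInt a[MAX_LIMBS];
    int alen = 2 * pqlen, i, bad = 0;

    if (alen < 2 || alen > MAX_LIMBS || mshift <= 0 || mshift >= BIGNUM_INT_BITS)
        return -1;
    memset(a, 0xA5, sizeof a);
    for (i = first_shift_index(pqlen, mlen); i < 2 * pqlen - 1; i++) {
        if (i < 0 || i + 1 >= alen) { bad++; continue; }
        a[i] = (BignumInt)((a[i] << mshift) |
                           (a[i + 1] >> (BIGNUM_INT_BITS - mshift)));
    }
    return bad;
}

int main(void)
{
    int mlen = 8, pqlen = 2, mshift = 3;    /* constructed sizes */
    int fixed = widen_pqlen(pqlen, mlen);

    printf("start index %d, out-of-range iterations %d\n",
           first_shift_index(pqlen, mlen), underrun_count(pqlen, mlen, mshift));
    printf("widened pqlen %d: start index %d, out-of-range iterations %d\n",
           fixed, first_shift_index(fixed, mlen), underrun_count(fixed, mlen, mshift));
    return 0;
}
```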