From 6e7df89316074992870fdc4b80c8d8c5cf5765b0 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Tue, 29 Jan 2019 20:03:35 +0000
Subject: [PATCH] Fix buffer overrun in mp_from_decimal("").
The loop over the input string assumed it could read _one_ byte safely before reaching the initial termination test.
---
 mpint.c | 2 +-
 test/cryptsuite.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/mpint.c b/mpint.c
index 774d744e..f9ba20ea 100644
--- a/mpint.c
+++ b/mpint.c
@@ -186,7 +186,7 @@ mp_int *mp_from_decimal_pl(ptrlen decimal)
 size_t words = bits / BIGNUM_INT_BITS + 1;
 mp_int *x = mp_make_sized(words);
- for (size_t i = 0;; i++) {
+ for (size_t i = 0; i < decimal.len; i++) {
 mp_add_integer_into(x, x, ((char *)decimal.ptr)[i] - '0');
 if (i+1 == decimal.len)
diff --git a/test/cryptsuite.py b/test/cryptsuite.py
index 8082f56c..d247a7eb 100755
--- a/test/cryptsuite.py
+++ b/test/cryptsuite.py
@@ -155,6 +155,7 @@ class mpint(MyTestBase):
 decstr = '91596559417721901505460351493238411077414937428167'
 self.assertEqual(int(mp_from_decimal_pl(decstr)), int(decstr, 10))
 self.assertEqual(int(mp_from_decimal(decstr)), int(decstr, 10))
+ self.assertEqual(int(mp_from_decimal("")), 0)
 # For hex, test both upper and lower case digits
 hexstr = 'ea7cb89f409ae845215822e37D32D0C63EC43E1381C2FF8094'
 self.assertEqual(int(mp_from_hex_pl(hexstr)), int(hexstr, 16))
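Review bot: The loop body still passes `((char *)decimal.ptr)[i] - '0'` to mp_add_integer_into without checking that the byte is an ASCII digit, so the new `i < decimal.len` bound fixes the empty-input read but a non-digit byte would still produce a negative or out-of-range addend. Whether callers validate the string first is not visible in this hunk; if they do, a comment above the loop such as `/* precondition: decimal holds only '0'..'9'; callers must validate */` would record that, and if they do not, the byte should be range-checked before use. The loop now has two termination tests (the header and the `if (i+1 == decimal.len)` that follows), and a one-line comment on why the inner one remains would help the next reader. The function starts and ends outside the hunk, so the rest of the loop body is not reviewed here.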
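Review bot: The new assertion covers only `mp_from_decimal("")`, while the function patched in mpint.c is `mp_from_decimal_pl`; the two lines above test both variants for a non-empty string, so the empty case should do the same with `self.assertEqual(int(mp_from_decimal_pl("")), 0)`. Because the original defect was an out-of-bounds read, a plain value comparison may not fail deterministically on every build, so this regression test is most reliable when the suite is run under a memory-error detector such as AddressSanitizer or Valgrind. The test method begins outside the hunk.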