nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-01 03:22:48 -05:00
Code Issues Projects Releases Wiki Activity

Fix buffer overrun in mp_from_decimal("").

Browse Source 
The loop over the input string assumed it could read _one_ byte safely
before reaching the initial termination test.
This commit is contained in:
Simon Tatham
2019-01-29 20:03:35 +00:00
parent 5017d0a6ca
commit 6e7df89316
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mpint.c
View File

@ -186,7 +186,7 @@ mp_int *mp_from_decimal_pl(ptrlen decimal)
size_t words = bits / BIGNUM_INT_BITS + 1;
mp_int *x = mp_make_sized(words);
for (size_t i = 0;; i++) {
for (size_t i = 0; i < decimal.len; i++) {
mp_add_integer_into(x, x, ((char *)decimal.ptr)[i] - '0');
if (i+1 == decimal.len)