nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Code Issues Projects Releases Wiki Activity

Fix buffer overrun in mp_from_decimal("").

Browse Source 
The loop over the input string assumed it could read _one_ byte safely
before reaching the initial termination test.
This commit is contained in:
Simon Tatham 2019-01-29 20:03:35 +00:00
parent 5017d0a6ca
commit 6e7df89316
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mpint.c
View File

@ -186,7 +186,7 @@ mp_int *mp_from_decimal_pl(ptrlen decimal)
size_t words = bits / BIGNUM_INT_BITS + 1; size_t words = bits / BIGNUM_INT_BITS + 1;
mp_int *x = mp_make_sized(words); mp_int *x = mp_make_sized(words);
for (size_t i = 0;; i++) { for (size_t i = 0; i < decimal.len; i++) {
mp_add_integer_into(x, x, ((char *)decimal.ptr)[i] - '0'); mp_add_integer_into(x, x, ((char *)decimal.ptr)[i] - '0');
if (i+1 == decimal.len) if (i+1 == decimal.len)

1
test/cryptsuite.py
View File

@ -155,6 +155,7 @@ class mpint(MyTestBase):
decstr = '91596559417721901505460351493238411077414937428167' decstr = '91596559417721901505460351493238411077414937428167'
self.assertEqual(int(mp_from_decimal_pl(decstr)), int(decstr, 10)) self.assertEqual(int(mp_from_decimal_pl(decstr)), int(decstr, 10))
self.assertEqual(int(mp_from_decimal(decstr)), int(decstr, 10)) self.assertEqual(int(mp_from_decimal(decstr)), int(decstr, 10))
self.assertEqual(int(mp_from_decimal("")), 0)
# For hex, test both upper and lower case digits # For hex, test both upper and lower case digits
hexstr = 'ea7cb89f409ae845215822e37D32D0C63EC43E1381C2FF8094' hexstr = 'ea7cb89f409ae845215822e37D32D0C63EC43E1381C2FF8094'
self.assertEqual(int(mp_from_hex_pl(hexstr)), int(hexstr, 16)) self.assertEqual(int(mp_from_hex_pl(hexstr)), int(hexstr, 16))