|
|
9fde57 |
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
|
|
|
9fde57 |
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
|
|
|
9fde57 |
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
|
|
|
9fde57 |
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
|
9fde57 |
extra = 1;
|
|
|
9fde57 |
}
|
|
|
9fde57 |
|
|
|
9fde57 |
- if (buffer && n > len)
|
|
|
9fde57 |
- {
|
|
|
9fde57 |
- /* The provided buffer is too short. */
|
|
|
9fde57 |
- xfree (tmp);
|
|
|
9fde57 |
- return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
- }
|
|
|
9fde57 |
if (buffer)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
unsigned char *s = buffer;
|
|
|
9fde57 |
|
|
|
9fde57 |
+ if (n > len)
|
|
|
9fde57 |
+ {
|
|
|
9fde57 |
+ /* The provided buffer is too short. */
|
|
|
9fde57 |
+ xfree (tmp);
|
|
|
9fde57 |
+ return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
+ }
|
|
|
9fde57 |
if (extra == 1)
|
|
|
9fde57 |
*s++ = 0;
|
|
|
9fde57 |
else if (extra)
|
|
|
9fde57 |
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
|
9fde57 |
/* Note: We ignore the sign for this format. */
|
|
|
9fde57 |
/* FIXME: for performance reasons we should put this into
|
|
|
9fde57 |
mpi_aprint because we can then use the buffer directly. */
|
|
|
9fde57 |
-
|
|
|
9fde57 |
- if (buffer && n > len)
|
|
|
9fde57 |
- return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
if (buffer)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
unsigned char *tmp;
|
|
|
9fde57 |
|
|
|
9fde57 |
+ if (n > len)
|
|
|
9fde57 |
+ return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
|
|
|
9fde57 |
if (!tmp)
|
|
|
9fde57 |
return gpg_err_code_from_syserror ();
|
|
|
9fde57 |
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
|
9fde57 |
if (negative)
|
|
|
9fde57 |
return GPG_ERR_INV_ARG;
|
|
|
9fde57 |
|
|
|
9fde57 |
- if (buffer && n+2 > len)
|
|
|
9fde57 |
- return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
-
|
|
|
9fde57 |
if (buffer)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
unsigned char *tmp;
|
|
|
9fde57 |
unsigned char *s = buffer;
|
|
|
9fde57 |
|
|
|
9fde57 |
+ if (n+2 > len)
|
|
|
9fde57 |
+ return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
+
|
|
|
9fde57 |
s[0] = nbits >> 8;
|
|
|
9fde57 |
s[1] = nbits;
|
|
|
9fde57 |
|
|
|
9fde57 |
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
|
9fde57 |
extra=1;
|
|
|
9fde57 |
}
|
|
|
9fde57 |
|
|
|
9fde57 |
- if (buffer && n+4 > len)
|
|
|
9fde57 |
- {
|
|
|
9fde57 |
- xfree(tmp);
|
|
|
9fde57 |
- return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
- }
|
|
|
9fde57 |
-
|
|
|
9fde57 |
if (buffer)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
unsigned char *s = buffer;
|
|
|
9fde57 |
|
|
|
9fde57 |
+ if (n+4 > len)
|
|
|
9fde57 |
+ {
|
|
|
9fde57 |
+ xfree(tmp);
|
|
|
9fde57 |
+ return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
+ }
|
|
|
9fde57 |
+
|
|
|
9fde57 |
*s++ = n >> 24;
|
|
|
9fde57 |
*s++ = n >> 16;
|
|
|
9fde57 |
*s++ = n >> 8;
|
|
|
9fde57 |
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
|
|
9fde57 |
if (!n || (*tmp & 0x80))
|
|
|
9fde57 |
extra = 2;
|
|
|
9fde57 |
|
|
|
9fde57 |
- if (buffer && 2*n + extra + negative + 1 > len)
|
|
|
9fde57 |
- {
|
|
|
9fde57 |
- xfree(tmp);
|
|
|
9fde57 |
- return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
- }
|
|
|
9fde57 |
if (buffer)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
unsigned char *s = buffer;
|
|
|
9fde57 |
|
|
|
9fde57 |
+ if (2*n + extra + negative + 1 > len)
|
|
|
9fde57 |
+ {
|
|
|
9fde57 |
+ xfree(tmp);
|
|
|
9fde57 |
+ return GPG_ERR_TOO_SHORT;
|
|
|
9fde57 |
+ }
|
|
|
9fde57 |
if (negative)
|
|
|
9fde57 |
*s++ = '-';
|
|
|
9fde57 |
if (extra)
|