diff --git a/ChangeLog b/ChangeLog index 62cd00c2c..36179157a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,8 @@ Bugfix * Potential memory leak in ssl_ticket_keys_init() * Memory leak in benchmark application * Fixed x509_crt_parse_path() bug on Windows platforms + * Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by + TrustInSoft) Security * Possible remotely-triggered out-of-bounds memory access fixed (found by diff --git a/library/bignum.c b/library/bignum.c index dd5c0bfdd..eb7a82257 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1221,9 +1221,9 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) while( mpi_cmp_mpi( &X, &Y ) >= 0 ) { Z.p[n - t]++; - mpi_sub_mpi( &X, &X, &Y ); + MPI_CHK( mpi_sub_mpi( &X, &X, &Y ) ); } - mpi_shift_r( &Y, biL * (n - t) ); + MPI_CHK( mpi_shift_r( &Y, biL * (n - t) ) ); for( i = n; i > t ; i-- ) { @@ -1316,15 +1316,15 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B ) if( Q != NULL ) { - mpi_copy( Q, &Z ); + MPI_CHK( mpi_copy( Q, &Z ) ); Q->s = A->s * B->s; } if( R != NULL ) { - mpi_shift_r( &X, k ); + MPI_CHK( mpi_shift_r( &X, k ) ); X.s = A->s; - mpi_copy( R, &X ); + MPI_CHK( mpi_copy( R, &X ) ); if( mpi_cmp_int( R, 0 ) == 0 ) R->s = 1;