From 7d6326dbf9d3f2e078537d5374175bb547d10e80 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Jul 2020 01:14:34 +0200 Subject: [PATCH] Fix uncaught error if fix_negative fails fix_negative allocates memory for its result. The calling site didn't check the return value, so an out-of-memory error could lead to an incorrect calculation. Fix this. Signed-off-by: Gilles Peskine --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 796e0d125..f349cd1c0 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -1046,7 +1046,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) STORE32; i++; \ cur = c > 0 ? c : 0; STORE32; \ cur = 0; while( ++i < MAX32 ) { STORE32; } \ - if( c < 0 ) fix_negative( N, c, &C, bits ); + if( c < 0 ) MBEDTLS_MPI_CHK( fix_negative( N, c, &C, bits ) ); /* * If the result is negative, we get it in the form