bignum_set_bit: Don't abort if asked to clear an inaccessible bit
authorBen Harris <bjh21@bjh21.me.uk>
Sun, 11 Oct 2015 08:27:55 +0000 (09:27 +0100)
committerBen Harris <bjh21@bjh21.me.uk>
Wed, 28 Oct 2015 22:08:32 +0000 (22:08 +0000)
All those bits are clear anyway.

Bug found with the help of afl-fuzz.

sshbn.c

diff --git a/sshbn.c b/sshbn.c
index fd9e5c0aee3aa73d1966650de81ef4e8fe854643..3afea467f9d393fe55fa8f5581c4018665ebf5cd 100644 (file)
--- a/sshbn.c
+++ b/sshbn.c
@@ -1311,9 +1311,9 @@ int bignum_bit(Bignum bn, int i)
  */
 void bignum_set_bit(Bignum bn, int bitnum, int value)
 {
-    if (bitnum < 0 || bitnum >= (int)(BIGNUM_INT_BITS * bn[0]))
-       abort();                       /* beyond the end */
-    else {
+    if (bitnum < 0 || bitnum >= (int)(BIGNUM_INT_BITS * bn[0])) {
+        if (value) abort();                   /* beyond the end */
+    else {
        int v = bitnum / BIGNUM_INT_BITS + 1;
        BignumInt mask = (BignumInt)1 << (bitnum % BIGNUM_INT_BITS);
        if (value)
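Review bot: As the hunk is shown, the `{` opened on the new range-check line is never closed before `else {`, so the `else` pairs with the inner `if (value)` rather than with the range check. Read that way, an in-range call does nothing, while an out-of-range clear (value == 0, including a negative bitnum) falls into the branch that computes `v` and `mask`. There `(BignumInt)1 << (bitnum % BIGNUM_INT_BITS)` can see a negative shift count, and `v` presumably indexes past the words of `bn`, which is exactly the case the commit means to turn into a no-op. The line should read `    } else {`, and unless a matching brace is added elsewhere the function is also left unbalanced. The body of bignum_set_bit continues past the end of the hunk, so the store itself is not visible here; a comment such as `/* clearing a bit beyond the end is a no-op: it is already zero */` on the inner test would record why only setting aborts.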