don't write beyond buffer

[oweals/openssl.git] / crypto / bn / bn_sqr.c

diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index eb52c4e82839d3bb9e0e2b9509270e3ed4a5446e..c1d0cca438dc4358218386490a1e543bef2592c9 100644 (file)
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -88,7 +88,6 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
        max=(al+al);
        if (bn_wexpand(rr,max+1) == NULL) goto err;
 
-       r->neg=0;
        if (al == 4)
                {
 #ifndef BN_SQR_COMBA
@@ -140,6 +139,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
                }
 
        rr->top=max;
+       rr->neg=0;
        if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
        if (rr != r) BN_copy(r,rr);
        ret = 1;
@@ -245,7 +245,7 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
        if (!zero)
                bn_sqr_recursive(&(t[n2]),t,n,p);
        else
-               memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+               memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
        bn_sqr_recursive(r,a,n,p);
        bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);