make sure we don't write to seed[-1]

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index fd0b7f361fbba41e833d4416ecb132811366414c..4f3209f02127871e5ae9083c8d29120da18cce85 100644 (file)
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -94,6 +94,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        }
 
     lzero = num - flen;
+    if (lzero < 0)
+    {
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+    return (-1);
+    }
     maskeddb = from - lzero + SHA_DIGEST_LENGTH;
     
     MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);