From: Matt Caswell Date: Mon, 10 Aug 2015 11:00:29 +0000 (+0100) Subject: Check for 0 modulus in BN_MONT_CTX_set X-Git-Tag: OpenSSL_1_0_2e~142 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=512368c9ed4d53fb230000e83071eb81bf628b22;p=oweals%2Fopenssl.git Check for 0 modulus in BN_MONT_CTX_set The function BN_MONT_CTX_set was assuming that the modulus was non-zero and therefore that |mod->top| > 0. In an error situation that may not be the case and could cause a seg fault. This is a follow on from CVE-2015-1794. Reviewed-by: Richard Levitte --- diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index aafd1b8526..be95bd55d0 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) int ret = 0; BIGNUM *Ri, *R; + if (BN_is_zero(mod)) + return 0; + BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err;