
Cherry picked from libtommath 7bbc1f8e4fe6dce75055957645117180768efb15. Vulnerability Detail: CVE Identifier: CVE-2023-36328 Description: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-36328 Reported-by: https://github.com/Crispy-fried-chicken
#include "tommath_private.h"
#ifdef BN_MP_2EXPT_C
/* LibTomMath, multiple-precision integer library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
/* computes a = 2**b
 *
 * Simple algorithm which zeroes the int, grows it then just sets one bit
 * as required.
 */
mp_err mp_2expt(mp_int *a, int b)
{
   mp_err err;
   int    digit_idx;

   /* Reject negative exponents before any arithmetic on b: a negative b
    * would give a negative remainder for the shift count below and a
    * non-positive quotient for the digit index and the size passed to
    * mp_grow. */
   if (b < 0) {
      return MP_VAL;
   }

   /* start from zero so the bit set below is the only one */
   mp_zero(a);

   /* index of the digit that holds bit b */
   digit_idx = b / MP_DIGIT_BIT;

   /* grow a to accommodate the single bit; a failure is passed on unchanged */
   err = mp_grow(a, digit_idx + 1);
   if (err != MP_OKAY) {
      return err;
   }

   /* the used count covers every digit up to and including the one written */
   a->used = digit_idx + 1;

   /* put the single bit in its place */
   a->dp[digit_idx] = (mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT);

   return MP_OKAY;
}
#endif