File openssl-CVE-2015-1794_2.patch of Package openssl.4634

From: Matt Caswell <matt@openssl.org>
Date: Mon, 10 Aug 2015 12:00:29 +0100
Subject: Check for 0 modulus in BN_MONT_CTX_set
Patch-mainline: OpenSSL_1_0_1q
Git-commit: b11980d79a52ec08844f08bea0e66c04b691840b
References: CVE-2015-1794 bsc#957984

The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: Richard Levitte <levitte@openssl.org>

---
 crypto/bn/bn_mont.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index aadd5db1d8db..5bc631cde999 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
     int ret = 0;
     BIGNUM *Ri, *R;
 
+    if (BN_is_zero(mod))
+        return 0;
+
     BN_CTX_start(ctx);
     if ((Ri = BN_CTX_get(ctx)) == NULL)
         goto err;
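Review bot: The new early return at the top of BN_MONT_CTX_set fails silently: `if (BN_is_zero(mod)) return 0;` gives the caller a bare 0 with no error recorded and no comment explaining why a zero modulus is rejected, so it looks the same as the `BN_CTX_get(ctx) == NULL` failure just below, which jumps to err with ret still 0. I would add a one-line comment tying the check to the |mod->top| > 0 assumption named in the commit message, and record a library error before returning so that a zero modulus reaching this point in an error situation can be diagnosed. Placing the check ahead of BN_CTX_start(ctx) is the right spot, since the return then happens before any context frame has been opened. Note also that the check dereferences mod, so a NULL mod is still the caller's responsibility; if that is intended it is worth stating in the function's documentation.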
-- 
2.7.2
