From b725e22731dc8d212ea3b168c077bcf71a0e45f0 Mon Sep 17 00:00:00 2001

From: Frantisek Sumsal <frantisek@sumsal.cz>

Date: Sun, 3 Sep 2023 20:42:32 +0200

Subject: [PATCH] Fix possible integer overflow

Based on the original upstream commit [0] and adapted to the EPEL 7

version (0.42.0).

[0] https://github.com/libtom/libtommath/commit/7bbc1f8e4fe6dce75055957645117180768efb15

---

 bn_mp_2expt.c           | 4 ++++

 bn_mp_grow.c            | 4 ++++

 bn_mp_init_size.c       | 4 ++++

 bn_mp_mul_2d.c          | 4 ++++

 bn_s_mp_mul_digs.c      | 4 ++++

 bn_s_mp_mul_high_digs.c | 4 ++++

 6 files changed, 24 insertions(+)

diff --git a/bn_mp_2expt.c b/bn_mp_2expt.c

index 4774aab..e9df9ba 100755

--- a/bn_mp_2expt.c

+++ b/bn_mp_2expt.c

@@ -25,6 +25,10 @@ mp_2expt (mp_int * a, int b)

 {

   int     res;

+  if (b < 0) {

+      return MP_VAL;

+  }

+

   /* zero a as per default */

   mp_zero (a);

diff --git a/bn_mp_grow.c b/bn_mp_grow.c

index f1c1cab..1a75340 100755

--- a/bn_mp_grow.c

+++ b/bn_mp_grow.c

@@ -21,6 +21,10 @@ int mp_grow (mp_int * a, int size)

   int     i;

   mp_digit *tmp;

+  if (size < 0) {

+      return MP_VAL;

+  }

+

   /* if the alloc size is smaller alloc more ram */

   if (a->alloc < size) {

     /* ensure there are always at least MP_PREC digits extra on top */

diff --git a/bn_mp_init_size.c b/bn_mp_init_size.c

index 69dd49c..519f51d 100755

--- a/bn_mp_init_size.c

+++ b/bn_mp_init_size.c

@@ -20,6 +20,10 @@ int mp_init_size (mp_int * a, int size)

 {

   int x;

+  if (size < 0) {

+      return MP_VAL;

+  }

+

   /* pad size so there are always extra digits */

   size += (MP_PREC * 2) - (size % MP_PREC);	

diff --git a/bn_mp_mul_2d.c b/bn_mp_mul_2d.c

index 385ac59..99c1945 100755

--- a/bn_mp_mul_2d.c

+++ b/bn_mp_mul_2d.c

@@ -21,6 +21,10 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c)

   mp_digit d;

   int      res;

+  if (b < 0) {

+      return MP_VAL;

+  }

+

   /* copy */

   if (a != c) {

      if ((res = mp_copy (a, c)) != MP_OKAY) {

diff --git a/bn_s_mp_mul_digs.c b/bn_s_mp_mul_digs.c

index 86196bf..c328185 100755

--- a/bn_s_mp_mul_digs.c

+++ b/bn_s_mp_mul_digs.c

@@ -27,6 +27,10 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)

   mp_word r;

   mp_digit tmpx, *tmpt, *tmpy;

+  if (digs < 0) {

+      return MP_VAL;

+  }

+

   /* can we use the fast multiplier? */

   if (((digs) < MP_WARRAY) &&

       MIN (a->used, b->used) < 

diff --git a/bn_s_mp_mul_high_digs.c b/bn_s_mp_mul_high_digs.c

index 019014e..8ffae4f 100755

--- a/bn_s_mp_mul_high_digs.c

+++ b/bn_s_mp_mul_high_digs.c

@@ -27,6 +27,10 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)

   mp_word r;

   mp_digit tmpx, *tmpt, *tmpy;

+  if (digs < 0) {

+      return MP_VAL;

+  }

+

   /* can we use the fast multiplier? */

 #ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C

   if (((a->used + b->used + 1) < MP_WARRAY)

-- 

2.41.0