Fix possible integer overflow

czurnieden · sjaeckel · commit be78ab95084e · 2023-09-05T07:14:54.000+02:00
(cherry picked from commit beba892)
diff --git a/mp_2expt.c b/mp_2expt.c
@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
 {
    mp_err    err;
 
+   if (b < 0) {
+      return MP_VAL;
+   }
+
    /* zero a as per default */
    mp_zero(a);
 
diff --git a/mp_grow.c b/mp_grow.c
@@ -6,6 +6,10 @@
 /* grow as required */
 mp_err mp_grow(mp_int *a, int size)
 {
+   if (size < 0) {
+      return MP_VAL;
+   }
+
    /* if the alloc size is smaller alloc more ram */
    if (a->alloc < size) {
       mp_digit *dp;
diff --git a/mp_init_size.c b/mp_init_size.c
@@ -6,6 +6,10 @@
 /* init an mp_init for a given size */
 mp_err mp_init_size(mp_int *a, int size)
 {
+   if (size < 0) {
+      return MP_VAL;
+   }
+
    size = MP_MAX(MP_MIN_DIGIT_COUNT, size);
 
    if (size > MP_MAX_DIGIT_COUNT) {
diff --git a/s_mp_mul.c b/s_mp_mul.c
@@ -13,6 +13,10 @@ mp_err s_mp_mul(const mp_int *a, const mp_int *b, mp_int *c, int digs)
    mp_err  err;
    int     pa, ix;
 
+   if (digs < 0) {
+      return MP_VAL;
+   }
+
    /* can we use the fast multiplier? */
    if ((digs < MP_WARRAY) &&
        (MP_MIN(a->used, b->used) < MP_MAX_COMBA)) {
diff --git a/s_mp_mul_comba.c b/s_mp_mul_comba.c
@@ -26,6 +26,10 @@ mp_err s_mp_mul_comba(const mp_int *a, const mp_int *b, mp_int *c, int digs)
    mp_digit W[MP_WARRAY];
    mp_word  _W;
 
+   if (digs < 0) {
+      return MP_VAL;
+   }
+
    /* grow the destination as required */
    if ((err = mp_grow(c, digs)) != MP_OKAY) {
       return err;
diff --git a/s_mp_mul_high.c b/s_mp_mul_high.c
@@ -12,6 +12,10 @@ mp_err s_mp_mul_high(const mp_int *a, const mp_int *b, mp_int *c, int digs)
    int      pa, pb, ix;
    mp_err   err;
 
+   if (digs < 0) {
+      return MP_VAL;
+   }
+
    /* can we use the fast multiplier? */
    if (MP_HAS(S_MP_MUL_HIGH_COMBA)
        && ((a->used + b->used + 1) < MP_WARRAY)
diff --git a/s_mp_mul_high_comba.c b/s_mp_mul_high_comba.c
@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_comba(const mp_int *a, const mp_int *b, mp_int *c, int digs
    mp_digit W[MP_WARRAY];
    mp_word  _W;
 
+   if (digs < 0) {
+      return MP_VAL;
+   }
+
    /* grow the destination as required */
    pa = a->used + b->used;
    if ((err = mp_grow(c, pa)) != MP_OKAY) {

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)`
`12`	`12`	`{`
`13`	`13`	`mp_err err;`
`14`	`14`
	`15`	`+ if (b < 0) {`
	`16`	`+ return MP_VAL;`
	`17`	`+ }`
	`18`	`+`
`15`	`19`	`/* zero a as per default */`
`16`	`20`	`mp_zero(a);`
`17`	`21`