commit 770b5e1e9e043a00f79276d588c8c7437c0b774c
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Apr 29 17:02:01 2015 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Apr 29 17:02:01 2015 +0200
tree 44175410add02af706de043a68b73627a93b8f6f
parent d97828e7afbc7c3bc5824083f79a2a6a73bc2420

Fix missing NULL check in MPI

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 19382bc..75ddfdb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,8 @@
      errors on use of deprecated functions.
 
 Bugfix
+   * mpi_size() and mpi_msb() would segfault when called on an mpi that is
+     initialized but not set (found by pravic).
    * Fix detection of support for getrandom() on Linux (reported by syzzer) by
      doing it at runtime (using uname) rather that compile time.
    * Fix handling of symlinks by "make install" (found by Gaël PORTAY).

include/polarssl/bignum.h

diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index df25bd1..8e1687b 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -188,7 +188,9 @@
 mpi;
 
 /**
- * \brief           Initialize one MPI
+ * \brief           Initialize one MPI (make internal references valid)
+ *                  This just makes it ready to be set or freed,
+ *                  but does not define a value for the MPI.
  *
  * \param X         One MPI to initialize.
  */

library/bignum.c

diff --git a/library/bignum.c b/library/bignum.c
index 12c72af..f479bc9 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -356,6 +356,9 @@
 {
     size_t i, j;
 
+    if( X->n == 0 )
+        return( 0 );
+
     for( i = X->n - 1; i > 0; i-- )
         if( X->p[i] != 0 )
             break;

tests/suites/test_suite_mpi.data

diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 7908f91..56817cc 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -1,3 +1,6 @@
+Arguments with no value
+mpi_null:
+
 Base test mpi_read_write_string #1
 mpi_read_write_string:10:"128":10:"128":100:0:0
 

tests/suites/test_suite_mpi.function

diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index ce1a072..023cab4 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -8,6 +8,25 @@
  */
 
 /* BEGIN_CASE */
+void mpi_null( )
+{
+    mpi X, Y, Z;
+
+    mpi_init( &X );
+    mpi_init( &Y );
+    mpi_init( &Z );
+
+    TEST_ASSERT( mpi_get_bit( &X, 42 ) == 0 );
+    TEST_ASSERT( mpi_lsb( &X ) == 0 );
+    TEST_ASSERT( mpi_msb( &X ) == 0 );
+    TEST_ASSERT( mpi_size( &X ) == 0 );
+
+exit:
+    mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void mpi_read_write_string( int radix_X, char *input_X, int radix_A,
                             char *input_A, int output_size, int result_read,
                             int result_write )