* mpicoder.c (mpi_read_from_buffer): Bail out on a zero length

buffer because we can't eventually do an malloc of this size. Reported by Timo.
author: Werner Koch <wk@gnupg.org> 2002-03-20 10:55:30 +0000
committer: Werner Koch <wk@gnupg.org> 2002-03-20 10:55:30 +0000
commit: abb5ec22d95f0f64d14a173312acdfd10a79ffa1 (patch)
tree: 6c19f74510749a43b93abe7fe17c0d90009e9388 /mpi/mpicoder.c
parent: 99a1715fb7872cf4bffdb5de18889953ea411bea (diff)
download: libgcrypt-abb5ec22d95f0f64d14a173312acdfd10a79ffa1.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index c026c930..9c3e34bd 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -34,7 +34,7 @@ static MPI
 mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure)
 {
     int i, j;
-    unsigned nbits, nbytes, nlimbs, nread=0;
+    unsigned int nbits, nbytes, nlimbs, nread=0;
     mpi_limb_t a;
     MPI val = MPI_NULL;
 
@@ -45,6 +45,10 @@ mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure)
 	log_error("mpi too large (%u bits)\n", nbits);
 	goto leave;
     }
+    else if( !nbits ) {
+	log_error("an mpi of size 0 is not allowed\n");
+	goto leave;
+    }
     buffer += 2;
     nread = 2;
author	Werner Koch <wk@gnupg.org>	2002-03-20 10:55:30 +0000
committer	Werner Koch <wk@gnupg.org>	2002-03-20 10:55:30 +0000
commit	abb5ec22d95f0f64d14a173312acdfd10a79ffa1 (patch)
tree	6c19f74510749a43b93abe7fe17c0d90009e9388 /mpi/mpicoder.c
parent	99a1715fb7872cf4bffdb5de18889953ea411bea (diff)
download	libgcrypt-abb5ec22d95f0f64d14a173312acdfd10a79ffa1.tar.gz