33 lines
1.3 KiB
Diff
33 lines
1.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Darren Kenny <darren.kenny@oracle.com>
|
|
Date: Tue, 3 Nov 2020 16:43:37 +0000
|
|
Subject: [PATCH] libgcrypt/mpi: Fix possible unintended sign extension
|
|
|
|
The array of unsigned char gets promoted to a signed 32-bit int before
|
|
it is finally promoted to a size_t. There is the possibility that this
|
|
may result in the signed-bit being set for the intermediate signed
|
|
32-bit int. We should ensure that the promotion is to the correct type
|
|
before we bitwise-OR the values.
|
|
|
|
Fixes: CID 96697
|
|
|
|
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
grub-core/lib/libgcrypt/mpi/mpicoder.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c
|
|
index a3435ed14..7ecad27b2 100644
|
|
--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c
|
|
+++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c
|
|
@@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
|
|
if (len && len < 4)
|
|
return gcry_error (GPG_ERR_TOO_SHORT);
|
|
|
|
- n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]);
|
|
+ n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | (size_t)s[3]);
|
|
s += 4;
|
|
if (len)
|
|
len -= 4;
|