From f91e026e38321d0c154f535ecd5af09e424e7f1b Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu, 29 Mar 2018 11:27:29 +0200
Subject: Fix a possible crash in BN_from_montgomery_word

Thanks to Darovskikh Andrei for for reporting this issue.

Fixes: #5785

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5793)
---
 crypto/bn/bn_mont.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto/bn/bn_mont.c')

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index c882891d5e..362390a353 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -95,6 +95,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 
     /* clear the top words of T */
     i = max - r->top;
+    if (i < 0)
+        return 0;
     if (i)
         memset(&rp[r->top], 0, sizeof(*rp) * i);
 
-- 
cgit v1.2.3