ibphoenix/tomsfastmath
6
0
Fork 1
Code Issues Pull Requests Packages Releases Wiki Activity

Bugfix: fix buffer overflow with comba sqr

Browse Source 
The comba sqr code does not check the maximum bounds of fp_int; eg:
if you invoke fp_sqr_comba_20, it will write 40 digits to the
destination even if FP_SIZE < 40. This is correct for achieving high
speeds, but it means that it is the caller's responsibility to check for
such overflows.

fp_sqr.c only checks for numeric overflows (a->used * 2 >= FP_SIZE)
though. This means that if you call fp_sqr() with a small number (say
1), and your FP_SIZE is 10, and you have enabled a fp_sqr_comba_8, it
will overflow your buffer by writing 16 digits.

Since the exact subset of active comba multipliers/sqrs are up to the user
(in tfm.h), we fix the code never to invoke them if they can cause
overflows.
This commit is contained in:
Giovanni Bajo 2011-09-20 11:55:19 +02:00
parent da5fa59f2c
commit c32affe350
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/sqr/fp_sqr.c
View File

@ -21,49 +21,49 @@ void fp_sqr(fp_int *A, fp_int *B)
} }
y = A->used; y = A->used;
#if defined(TFM_SQR3) #if defined(TFM_SQR3) && FP_SIZE >= 6
if (y <= 3) { if (y <= 3) {
fp_sqr_comba3(A,B); fp_sqr_comba3(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR4) #if defined(TFM_SQR4) && FP_SIZE >= 8
if (y == 4) { if (y == 4) {
fp_sqr_comba4(A,B); fp_sqr_comba4(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR6) #if defined(TFM_SQR6) && FP_SIZE >= 12
if (y <= 6) { if (y <= 6) {
fp_sqr_comba6(A,B); fp_sqr_comba6(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR7) #if defined(TFM_SQR7) && FP_SIZE >= 14
if (y == 7) { if (y == 7) {
fp_sqr_comba7(A,B); fp_sqr_comba7(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR8) #if defined(TFM_SQR8) && FP_SIZE >= 16
if (y == 8) { if (y == 8) {
fp_sqr_comba8(A,B); fp_sqr_comba8(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR9) #if defined(TFM_SQR9) && FP_SIZE >= 18
if (y == 9) { if (y == 9) {
fp_sqr_comba9(A,B); fp_sqr_comba9(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR12) #if defined(TFM_SQR12) && FP_SIZE >= 24
if (y <= 12) { if (y <= 12) {
fp_sqr_comba12(A,B); fp_sqr_comba12(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR17) #if defined(TFM_SQR17) && FP_SIZE >= 34
if (y <= 17) { if (y <= 17) {
fp_sqr_comba17(A,B); fp_sqr_comba17(A,B);
return; return;
@ -75,37 +75,37 @@ void fp_sqr(fp_int *A, fp_int *B)
return; return;
} }
#endif #endif
#if defined(TFM_SQR20) #if defined(TFM_SQR20) && FP_SIZE >= 40
if (y <= 20) { if (y <= 20) {
fp_sqr_comba20(A,B); fp_sqr_comba20(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR24) #if defined(TFM_SQR24) && FP_SIZE >= 48
if (y <= 24) { if (y <= 24) {
fp_sqr_comba24(A,B); fp_sqr_comba24(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR28) #if defined(TFM_SQR28) && FP_SIZE >= 56
if (y <= 28) { if (y <= 28) {
fp_sqr_comba28(A,B); fp_sqr_comba28(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR32) #if defined(TFM_SQR32) && FP_SIZE >= 64
if (y <= 32) { if (y <= 32) {
fp_sqr_comba32(A,B); fp_sqr_comba32(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR48) #if defined(TFM_SQR48) && FP_SIZE >= 96
if (y <= 48) { if (y <= 48) {
fp_sqr_comba48(A,B); fp_sqr_comba48(A,B);
return; return;
} }
#endif #endif
#if defined(TFM_SQR64) #if defined(TFM_SQR64) && FP_SIZE >= 128
if (y <= 64) { if (y <= 64) {
fp_sqr_comba64(A,B); fp_sqr_comba64(A,B);
return; return;
@ -115,6 +115,6 @@ void fp_sqr(fp_int *A, fp_int *B)
} }
/* $Source$ */ /* $Source: /cvs/libtom/tomsfastmath/src/sqr/fp_sqr.c,v $ */
/* $Revision$ */ /* $Revision: 1.1 $ */
/* $Date$ */ /* $Date: 2006/12/31 21:25:53 $ */