diff options
| author | Katie Hockman <katie@golang.org> | 2020-11-10 15:54:12 -0500 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2020-11-12 15:40:27 +0100 |
| commit | f7a1fcf7a55d6b0bc97b02f5b9dd4a15d54aeafa (patch) | |
| tree | ab212f6ca16a70cec8dd44d7985f1e9e658fe668 | |
| parent | ff5addb6be2fb3001f0cb026c3e4931090a85664 (diff) | |
| download | go-f7a1fcf7a55d6b0bc97b02f5b9dd4a15d54aeafa.tar.gz go-f7a1fcf7a55d6b0bc97b02f5b9dd4a15d54aeafa.zip | |
[release-branch.go1.14-security] math/big: fix shift for recursive division
The previous s value could cause a crash
for certain inputs.
Will check in tests and documentation improvements later.
Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting this.
Thanks to Rémy Oudompheng and Robert Griesemer for their help
developing and validating the fix.
Fixes CVE-2020-28362
Change-Id: Ibbf455c4436bcdb07c84a34fa6551fb3422356d3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/899974
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 28015462c2a83239543dc2bef651e9a5f234b633)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/901064
| -rw-r--r-- | src/math/big/nat.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/math/big/nat.go b/src/math/big/nat.go index c31ec5156b..b967621250 100644 --- a/src/math/big/nat.go +++ b/src/math/big/nat.go @@ -928,7 +928,7 @@ func (z nat) divRecursiveStep(u, v nat, depth int, tmp *nat, temps []*nat) { // Now u < (v<<B), compute lower bits in the same way. // Choose shift = B-1 again. - s := B + s := B - 1 qhat := *temps[depth] qhat.clear() qhat.divRecursiveStep(u[s:].norm(), v[s:], depth+1, tmp, temps) |