Workaround for BN_bn2mpi reading/writing out of bounds

When OpenSSL's BN_bn2mpi is passed a buffer of size 4, valgrind reports reading/writing one byte past it. I am unable to find evidence of this behaviour in BN_bn2mpi's source code, so it may be a spurious warning. However, this change is harmless, as only the bignum with value 0 results in an mpi serialization of size 4.
author: Pieter Wuille <pieter.wuille@gmail.com> 2012-02-18 13:32:25 +0100
committer: Luke Dashjr <luke-jr+git@utopios.org> 2012-03-19 19:08:19 -0400
commit: 0e6c6e3fd1ab971c652e48fa04bac097e44e76fe (patch)
tree: eb6cf55d441bb107d23a67c40f86d6d4aaf49c24 /src/bignum.h
parent: 1194f003504fa6e9d9f59012ec736ebc7c231360 (diff)
download: bitcoin-0e6c6e3fd1ab971c652e48fa04bac097e44e76fe.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bignum.h b/src/bignum.h
index 1a2406b935..6e8d3cb8ab 100644
--- a/src/bignum.h
+++ b/src/bignum.h
@@ -243,7 +243,7 @@ public:
     std::vector<unsigned char> getvch() const
     {
         unsigned int nSize = BN_bn2mpi(this, NULL);
-        if (nSize < 4)
+        if (nSize <= 4)
             return std::vector<unsigned char>();
         std::vector<unsigned char> vch(nSize);
         BN_bn2mpi(this, &vch[0]);
author	Pieter Wuille <pieter.wuille@gmail.com>	2012-02-18 13:32:25 +0100
committer	Luke Dashjr <luke-jr+git@utopios.org>	2012-03-19 19:08:19 -0400
commit	0e6c6e3fd1ab971c652e48fa04bac097e44e76fe (patch)
tree	eb6cf55d441bb107d23a67c40f86d6d4aaf49c24 /src/bignum.h
parent	1194f003504fa6e9d9f59012ec736ebc7c231360 (diff)
download	bitcoin-0e6c6e3fd1ab971c652e48fa04bac097e44e76fe.tar.xz