[xmlsec] Bug in bn.c ?
Aleksey Sanin
aleksey at aleksey.com
Mon Jun 21 11:33:52 PDT 2004
Good catch! Fixed.
Thanks!
Aleksey
Index: src/bn.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/bn.c,v
retrieving revision 1.11
diff -u -r1.11 bn.c
--- src/bn.c 11 Nov 2003 05:23:52 -0000 1.11
+++ src/bn.c 21 Jun 2004 18:32:46 -0000
@@ -297,8 +297,8 @@
}
xmlSecAssert2(i < len, NULL);
- /* we might have '0' at the beggining, remove it */
- for(len = i; (len > 0) && (res[len - 1] == '0'); len--);
+ /* we might have '0' at the beggining, remove it but keep one zero */
+ for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
res[len] = '\0';
/* swap the string because we wrote it in reverse order */
Checking in ChangeLog;
/cvs/gnome/xmlsec/ChangeLog,v <-- ChangeLog
new revision: 1.207; previous revision: 1.206
done
Checking in src/bn.c;
/cvs/gnome/xmlsec/src/bn.c,v <-- bn.c
new revision: 1.12; previous revision: 1.11
done
xs04.jmdesp at free.fr wrote:
> I apparently found a bug in bn.c, but I'm very surprised it would not have come
> out earlier.
>
> At line 300, the code :
> /* we might have '0' at the beggining, remove it */
> for(len = i; (len > 0) && (res[len - 1] == '0'); len--);
> res[len] = '\0';
>
> apparently will result in an empty content if the string is all zero.
>
> In my test, this corrects it, and leaves at least one zero :
> for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
> res[len] = '\0';
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list