LibCrypto: Fix an out-of-bounds access in UnsignedBigInteger

This is working fine for TLS because we have a big enough inline capacity, but in theory we could have crashed at any time even with our 512 words of inline capacity.
author: DexesTTP <dexes.ttp@gmail.com> 2021-05-13 08:30:29 +0200
committer: Linus Groh <mail@linusgroh.de> 2021-05-13 19:18:07 +0100
commit: 0853d98420d54eefbe2c6b9baa98ce8cdf145491 (patch)
tree: 5bb1bdbcf2c3451c4fe7842244428075500c9a74 /Userland/Libraries/LibCrypto
parent: 28a6a9a08f5e515f37aacd28f295daf1dd621f75 (diff)
download: serenity-0853d98420d54eefbe2c6b9baa98ce8cdf145491.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp b/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp
index 5f7408800a..d762bcbe5d 100644
--- a/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp
+++ b/Userland/Libraries/LibCrypto/BigInt/UnsignedBigInteger.cpp
@@ -248,7 +248,7 @@ void UnsignedBigInteger::set_bit_inplace(size_t bit_index)
     const size_t word_index = bit_index / UnsignedBigInteger::BITS_IN_WORD;
     const size_t inner_word_index = bit_index % UnsignedBigInteger::BITS_IN_WORD;
 
-    m_words.ensure_capacity(word_index);
+    m_words.ensure_capacity(word_index + 1);
 
     for (size_t i = length(); i <= word_index; ++i) {
         m_words.unchecked_append(0);
author	DexesTTP <dexes.ttp@gmail.com>	2021-05-13 08:30:29 +0200
committer	Linus Groh <mail@linusgroh.de>	2021-05-13 19:18:07 +0100
commit	0853d98420d54eefbe2c6b9baa98ce8cdf145491 (patch)
tree	5bb1bdbcf2c3451c4fe7842244428075500c9a74 /Userland/Libraries/LibCrypto
parent	28a6a9a08f5e515f37aacd28f295daf1dd621f75 (diff)
download	serenity-0853d98420d54eefbe2c6b9baa98ce8cdf145491.zip