commit 88e46b5e95a3e892175609288157d467d21ba2e5
author Adam Langley <agl@golang.org> Fri Jan 13 10:44:50 2017 -0800
committer Adam Langley <agl@golang.org> Wed Jan 18 18:34:45 2017 +0000
tree 1e435ed34143f62a31cd552d838a9c2a246bf444
parent b82246307bd525fde15c1df976318003716bca68

otr: reject private keys with parameters <= 0.

This serves as a basic sanity check and also prevents malformed private
keys from setting P=0 and consuming large amounts of CPU and memory in
the Exp call.

Change-Id: Ife22069b989a7347d8deaaf13030df82ee59e87b
Reviewed-on: https://go-review.googlesource.com/35246
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

otr/otr.go

diff --git a/otr/otr.go b/otr/otr.go
index 549be11..8861b77 100644
--- a/otr/otr.go
+++ b/otr/otr.go
@@ -1313,6 +1313,12 @@
 		mpis[i] = new(big.Int).SetBytes(mpiBytes)
 	}
 
+	for _, mpi := range mpis {
+		if mpi.Sign() <= 0 {
+			return false
+		}
+	}
+
 	priv.PrivateKey.P = mpis[0]
 	priv.PrivateKey.Q = mpis[1]
 	priv.PrivateKey.G = mpis[2]