relic-toolkit/relic

bn_write_str buffer overflow

guidovranken opened this issue · 0 comments

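The value returned by bn_size_str is off by 1: in the reproducer below (value 0, radix 2) it returns 1 but it should return 2. A buffer allocated with that size is therefore one byte too small, and bn_write_str writes past its end.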

#include <stdlib.h>
#include <string.h>

#include <relic_conf.h>
#include <relic.h>

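/*
 * Minimal reproducer for the reported size mismatch between bn_size_str()
 * and bn_write_str().
 *
 * The program sizes the output buffer exactly as bn_size_str() reports and
 * then asks bn_write_str() to fill it. Per the report, bn_size_str() returns
 * 1 for the value 0 in radix 2 where 2 is needed, so the write overruns the
 * heap allocation by one byte. Build with a memory-error detector (for
 * example -fsanitize=address) to observe it.
 *
 * Everything except the undersized buffer is checked and released so that
 * the detector output contains only the overflow.
 */
int main(void)
{
    if (core_init() != RLC_OK) {
        abort();
    }

    bn_t bn;

    bn_null(bn);
    bn_new(bn);

    /* Load the value 0 from its decimal string form. */
    const char *in_str = "0";

    /* noret */ bn_read_str(bn, in_str, strlen(in_str), 10);

    /*
     * Ask the library how many bytes the radix-2 string needs and allocate
     * exactly that. This is the value the report says is one too small.
     * NOTE(review): until bn_size_str() is fixed, a caller would need
     * size + 1 bytes here; the reproducer deliberately does not do that.
     */
    int size = bn_size_str(bn, 2);
    char *out_str = malloc(size);

    if (out_str == NULL) {
        abort();
    }

    /* The reported out-of-bounds write happens inside this call. */
    /* noret */ bn_write_str(out_str, size, bn, 2);

    free(out_str);
    bn_free(bn);
    core_clean();

    return 0;
}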