From 217053a780f5078ef4ab6744f63b18d51f2d9ee3 Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Fri, 1 Jun 2012 14:49:07 -0700
Subject: [PATCH] integer comba array sanity check

---
 ctaocrypt/src/integer.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c
index 996dad062..72f443ffc 100644
--- a/ctaocrypt/src/integer.c
+++ b/ctaocrypt/src/integer.c
@@ -2762,6 +2762,9 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
     }
   }
 
+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */
+
 #ifdef CYASSL_SMALL_STACK
   W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
   if (W == NULL)    
@@ -2878,6 +2881,8 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 
   /* number of output digits to produce */
   pa = MIN(digs, a->used + b->used);
+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */
 
 #ifdef CYASSL_SMALL_STACK
   W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
@@ -3598,6 +3603,9 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
     }
   }
 
+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */
+  
 #ifdef CYASSL_SMALL_STACK
   W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
   if (W == NULL)