From d03024905e50f472e55aad9924018b0dcfcdbe01 Mon Sep 17 00:00:00 2001
From: Ben Harris
Date: Sun, 11 Oct 2015 09:27:55 +0100
Subject: [PATCH] bignum_set_bit: Don't abort if asked to clear an inaccessible bit

All those bits are clear anyway. Bug found with the help of afl-fuzz.

(cherry picked from commit 4f340599029715d863b84bdfc0407f582114a23c)
---
 sshbn.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sshbn.c b/sshbn.c
index facdf3d5..8393721a 100644
--- a/sshbn.c
+++ b/sshbn.c
@@ -1202,9 +1202,9 @@ int bignum_bit(Bignum bn, int i)
 */
 void bignum_set_bit(Bignum bn, int bitnum, int value)
 {
- if (bitnum < 0 || bitnum >= (int)(BIGNUM_INT_BITS * bn[0]))
- abort(); /* beyond the end */
- else {
+ if (bitnum < 0 || bitnum >= (int)(BIGNUM_INT_BITS * bn[0])) {
+ if (value) abort(); /* beyond the end */
+ } else {
 int v = bitnum / BIGNUM_INT_BITS + 1;
 BignumInt mask = (BignumInt)1 << (bitnum % BIGNUM_INT_BITS);
 if (value)
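Review bot: The new no-op branch in bignum_set_bit also swallows `bitnum < 0` when `value` is 0, which the stated reasoning ("all those bits are clear anyway") does not cover: a negative index is not a bit above the top word, and ignoring it can hide an arithmetic error in the caller. If only the beyond-the-end case is meant to be tolerated, keep the negative case fatal with `if (bitnum < 0) abort(); /* negative index is a caller bug */` ahead of the range test. The set path still reaches `abort()` for an out-of-range index, so any caller that derives `bitnum` from parsed input presumably has to size the bignum first; no caller is visible in this hunk. The function's header comment begins above the hunk and should state the contract, for example `Clearing a bit outside the allocated words is a no-op; setting one aborts.`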