From 96769e04765511047981e7962d91b979e841f01f Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Sun, 5 Feb 2017 02:48:13 +0100
Subject: libmp: fix mpmod() aliasing bug when n == r and x < 0 (thanks aiju,
 mischief)

mischief found this in rsafill()'s call mpmod(c2, x, x), where
d parameter is negative (rsagen created a rsa key with negative dk).
---
 sys/src/libmp/port/mpmod.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sys/src/libmp/port/mpmod.c b/sys/src/libmp/port/mpmod.c
index c02f72c9a..9ed17593c 100644
--- a/sys/src/libmp/port/mpmod.c
+++ b/sys/src/libmp/port/mpmod.c
@@ -6,11 +6,15 @@ void
 mpmod(mpint *x, mpint *n, mpint *r)
 {
 	int sign;
+	mpint *ns;
 
 	sign = x->sign;
+	ns = sign < 0 && n == r ? mpcopy(n) : n;
 	if((n->flags & MPfield) == 0
 	|| ((Mfield*)n)->reduce((Mfield*)n, x, r) != 0)
 		mpdiv(x, n, nil, r);
-	if(sign < 0)
-		mpmagsub(n, r, r);
+	if(sign < 0){
+		mpmagsub(ns, r, r);
+		if(ns != n) mpfree(ns);
+	}
 }
-- 
cgit v1.2.3