projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2d0e5d4)
Fix EC_GROUP_new_from_ecparameters to check the base length
authorMatt Caswell <matt@openssl.org>
Thu, 19 Aug 2021 11:24:17 +0000 (12:24 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 24 Aug 2021 12:19:00 +0000 (13:19 +0100)
Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
crypto/ec/ec_asn1.c patch | blob | history

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 7b7c75ce84435ae5b9e03da66b33a5819ccf786e..e497a259095d4318032611bea520421114184f86 100644 (file)
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
         ret->seed_len = params->curve->seed->length;
     }
 
-    if (!params->order || !params->base || !params->base->data) {
+    if (params->order == NULL
+            || params->base == NULL
+            || params->base->data == NULL
+            || params->base->length == 0) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
         goto err;
     }
Unnamed repository; edit this file 'description' to name the repository.