From 966fe81f9befbff62522a158006fb03050a868df Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 31 Jul 2014 20:56:22 +0100 Subject: [PATCH] Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for reporting this issue. Reviewed-by: Kurt Roeckx --- crypto/srp/srp_lib.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 7c1dcc5111..83d417a308 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -89,6 +89,9 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) int longg ; int longN = BN_num_bytes(N); + if (BN_ucmp(g, N) >= 0) + return NULL; + if ((tmp = OPENSSL_malloc(longN)) == NULL) return NULL; BN_bn2bin(N,tmp) ; @@ -121,6 +124,9 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) if ((A == NULL) ||(B == NULL) || (N == NULL)) return NULL; + if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0) + return NULL; + longN= BN_num_bytes(N); if ((cAB = OPENSSL_malloc(2*longN)) == NULL) -- 2.34.1