projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7c038a6)
Fix EC_GROUP_new_from_ecparameters to check the base length
authorMatt Caswell <matt@openssl.org>
Thu, 19 Aug 2021 11:24:17 +0000 (12:24 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 24 Aug 2021 13:22:07 +0000 (14:22 +0100)
Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
crypto/ec/ec_asn1.c patch | blob | history

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 0e37b21ac39ebadfea5fb853d7853ad7872259c8..b3a791eb6457909b6af6f14cbca176f04f6a73cc 100644 (file)
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -699,7 +699,8 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
 
     if (params->order == NULL
             || params->base == NULL
-            || params->base->data == NULL) {
+            || params->base->data == NULL
+            || params->base->length == 0) {
         ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR);
         goto err;
     }
Unnamed repository; edit this file 'description' to name the repository.