Make sure buffers are large enough even for weird parameters

[openssl.git] / crypto / asn1 / t_pkey.c

diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index c456b67b01c9833a262dd3915dfc5e7cd4ef2faa..652b26b7b0c27c6aebd9e8bb4a284ef24139e372 100644 (file)
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -100,10 +100,34 @@ int RSA_print(BIO *bp, const RSA *x, int off)
        char str[128];
        const char *s;
        unsigned char *m=NULL;
        char str[128];
        const char *s;
        unsigned char *m=NULL;

-       int i,ret=0;
+       int ret=0;
+       size_t buf_len=0, i;

 
 

-       i=RSA_size(x);
-       m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+       if (x->n)
+               buf_len = (size_t)BN_num_bytes(x->n);
+       if (x->e)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+                       buf_len = i;
+       if (x->d)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+                       buf_len = i;
+       if (x->p)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+                       buf_len = i;
+       if (x->q)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                       buf_len = i;
+       if (x->dmp1)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+                       buf_len = i;
+       if (x->dmq1)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+                       buf_len = i;
+       if (x->iqmp)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+                       buf_len = i;
+
+       m=(unsigned char *)OPENSSL_malloc(buf_len+10);

        if (m == NULL)
                {
                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
        if (m == NULL)
                {
                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);


@@ -165,22 +189,25 @@ int DSA_print(BIO *bp, const DSA *x, int off)
        {
        char str[128];
        unsigned char *m=NULL;
        {
        char str[128];
        unsigned char *m=NULL;

-       int i,ret=0;
-       BIGNUM *bn=NULL;
-
-       if (x->p != NULL)
-               bn=x->p;
-       else if (x->priv_key != NULL)
-               bn=x->priv_key;
-       else if (x->pub_key != NULL)
-               bn=x->pub_key;
-               
-       /* larger than needed but what the hell :-) */
-       if (bn != NULL)
-               i=BN_num_bytes(bn)*2;
-       else
-               i=256;
-       m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+       int ret=0;
+       size_t buf_len=0,i;
+
+       if (x->p)
+               buf_len = (size_t)BN_num_bytes(x->p);
+       if (x->q)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                       buf_len = i;
+       if (x->g)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                       buf_len = i;
+       if (x->priv_key)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+                       buf_len = i;
+       if (x->pub_key)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+                       buf_len = i;
+
+       m=(unsigned char *)OPENSSL_malloc(buf_len+10);

        if (m == NULL)
                {
                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
        if (m == NULL)
                {
                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);


@@ -572,10 +599,15 @@ int DHparams_print_fp(FILE *fp, const DH *x)
 int DHparams_print(BIO *bp, const DH *x)
        {
        unsigned char *m=NULL;
 int DHparams_print(BIO *bp, const DH *x)
        {
        unsigned char *m=NULL;

-       int reason=ERR_R_BUF_LIB,i,ret=0;
+       int reason=ERR_R_BUF_LIB,ret=0;
+       size_t buf_len=0, i;

 
 

-       i=BN_num_bytes(x->p);
-       m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+       if (x->p)
+               buf_len = (size_t)BN_num_bytes(x->p);
+       if (x->g)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                       buf_len = i;
+       m=(unsigned char *)OPENSSL_malloc(buf_len+10);

        if (m == NULL)
                {
                reason=ERR_R_MALLOC_FAILURE;
        if (m == NULL)
                {
                reason=ERR_R_MALLOC_FAILURE;


@@ -625,10 +657,18 @@ int DSAparams_print_fp(FILE *fp, const DSA *x)
 int DSAparams_print(BIO *bp, const DSA *x)
        {
        unsigned char *m=NULL;
 int DSAparams_print(BIO *bp, const DSA *x)
        {
        unsigned char *m=NULL;

-       int reason=ERR_R_BUF_LIB,i,ret=0;
+       int reason=ERR_R_BUF_LIB,ret=0;
+       size_t buf_len=0,i;

 
 

-       i=BN_num_bytes(x->p);
-       m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+       if (x->p)
+               buf_len = (size_t)BN_num_bytes(x->p);
+       if (x->q)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                       buf_len = i;
+       if (x->g)
+               if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                       buf_len = i;
+       m=(unsigned char *)OPENSSL_malloc(buf_len+10);

        if (m == NULL)
                {
                reason=ERR_R_MALLOC_FAILURE;
        if (m == NULL)
                {
                reason=ERR_R_MALLOC_FAILURE;