Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
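--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1195,14 +1195,20 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 if (priv_key->publicKey)
 {
 const unsigned char *pub_oct;
- size_t pub_oct_len;
+ int pub_oct_len;
 pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
 pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
- /* save the point conversion form */
+ /* The first byte - point conversion form - must be present. */
+ if (pub_oct_len <= 0)
+ {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
+ goto err;
+ }
+ /* Save the point conversion form. */
 ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
 if (!EC_POINT_oct2point(ret->group, ret->pub_key,
- pub_oct, pub_oct_len, NULL))
+ pub_oct, (size_t)(pub_oct_len), NULL))
 {
 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
 goto err;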
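Review bot: The `(size_t)(pub_oct_len)` cast in the EC_POINT_oct2point call is safe only because of the `pub_oct_len <= 0` guard a few lines above it, and nothing in the code ties the two together. If the guard were later moved or removed, a negative length would be converted to a very large size_t. I would put the dependency in the comment, e.g. `/* The first byte - point conversion form - must be present; this also guarantees pub_oct_len > 0 for the size_t cast below. */`. Separately, `ret->conv_form` is taken from `pub_oct[0]` before EC_POINT_oct2point has validated the encoding; whether the unvalidated value can outlive a failure depends on the `err` path, which, like the start and end of d2i_ECPrivateKey, is outside this hunk.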