Circumvent an exploitable buffer overrun error in RSA Security's RSAREF

author Ulf Möller <ulf@openssl.org>

Fri, 3 Dec 1999 23:56:08 +0000 (23:56 +0000)

committer Ulf Möller <ulf@openssl.org>

Fri, 3 Dec 1999 23:56:08 +0000 (23:56 +0000)
author Ulf Möller <ulf@openssl.org>
Fri, 3 Dec 1999 23:56:08 +0000 (23:56 +0000)
committer Ulf Möller <ulf@openssl.org>
Fri, 3 Dec 1999 23:56:08 +0000 (23:56 +0000)
diff --git a/rsaref/rsaref.c b/rsaref/rsaref.c

index 7677eb9fce9fa10c9f7c2abf4e082f32d6a5fbde..1a4c0f378b94bc6567f636a03114ee8498a850b9 100644 (file)
--- a/rsaref/rsaref.c
+++ b/rsaref/rsaref.c
@@ -209,6 +209,11 @@ int RSA_ref_private_decrypt(int len, unsigned char *from, unsigned char *to,
  
         if (!RSAref_Private_eay2ref(rsa,&RSAkey))
                 goto err;
+       if (len > RSAref_MAX_LEN)
+               {
+               RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_DECRYPT,RSAREF_R_LEN);
+               goto err;
+               }
         if ((i=RSAPrivateDecrypt(to,&outlen,from,len,&RSAkey)) != 0)
                 {
                 RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_DECRYPT,i);
@@ -232,6 +237,11 @@ int RSA_ref_private_encrypt(int len, unsigned char *from, unsigned char *to,
         }
         if (!RSAref_Private_eay2ref(rsa,&RSAkey))
                 goto err;
+       if (len + 3 > RSAref_MAX_LEN)
+               {
+               RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,RSAREF_R_LEN);
+               goto err;
+               }
         if ((i=RSAPrivateEncrypt(to,&outlen,from,len,&RSAkey)) != 0)
                 {
                 RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,i);
@@ -250,6 +260,12 @@ int RSA_ref_public_decrypt(int len, unsigned char *from, unsigned char *to,
  
         if (!RSAref_Public_eay2ref(rsa,&RSAkey))
                 goto err;
+       if (len > RSAref_MAX_LEN)
+               {
+               RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_DECRYPT,RSAREF_R_LEN);
+               goto err;
+               }
+               goto err;
         if ((i=RSAPublicDecrypt(to,&outlen,from,len,&RSAkey)) != 0)
                 {
                 RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_DECRYPT,i);
@@ -286,6 +302,11 @@ int RSA_ref_public_encrypt(int len, unsigned char *from, unsigned char *to,
  
         if (!RSAref_Public_eay2ref(rsa,&RSAkey))
                 goto err;
+       if (len + 3 > RSAref_MAX_LEN)
+               {
+               RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_LEN);
+               goto err;
+               }
         if ((i=RSAPublicEncrypt(to,&outlen,from,len,&RSAkey,&rnd)) != 0)
                 {
                 RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,i);
author	Ulf Möller <ulf@openssl.org>
	Fri, 3 Dec 1999 23:56:08 +0000 (23:56 +0000)
committer	Ulf Möller <ulf@openssl.org>
	Fri, 3 Dec 1999 23:56:08 +0000 (23:56 +0000)