This happens for instance with
fuzz/corpora/asn1/
65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18365)
/* extract seed (optional) */
if (params->curve->seed != NULL) {
+ /*
+ * This happens for instance with
+ * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
+ * and causes the OPENSSL_malloc below to choke on the
+ * zero length allocation request.
+ */
+ if (params->curve->seed->length == 0) {
+ ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR);
+ goto err;
+ }
OPENSSL_free(ret->seed);
if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);