Fix error handling in RAND_DRBG_set

[openssl.git] / apps / pkeyutl.c

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 911cc57642a2af1a3ed160ab0e267a9bf7e8499d..2c4e524b693e4794b0e4d31bef8d371a490b2967 100644 (file)
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -282,7 +282,7 @@ int pkeyutl_main(int argc, char **argv)
         buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
         if (buf_inlen < 0) {
             BIO_printf(bio_err, "Error reading input Data\n");
-            exit(1);
+            goto end;
         }
         if (rev) {
             size_t i;
@@ -296,6 +296,16 @@ int pkeyutl_main(int argc, char **argv)
         }
     }
 
+    /* Sanity check the input */
+    if (buf_inlen > EVP_MAX_MD_SIZE
+            && (pkey_op == EVP_PKEY_OP_SIGN
+                || pkey_op == EVP_PKEY_OP_VERIFY
+                || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+        BIO_printf(bio_err,
+                   "Error: The input data looks too long to be a hash\n");
+        goto end;
+    }
+
     if (pkey_op == EVP_PKEY_OP_VERIFY) {
         rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
                              buf_in, (size_t)buf_inlen);