Sanity check keylength in PVK files.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 5 Jul 2014 23:32:44 +0000 (00:32 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 5 Jul 2014 23:36:16 +0000 (00:36 +0100)
PR#2277

crypto/pem/pvkfmt.c

index b1bf71a..ae89f82 100644 (file)
@@ -759,6 +759,11 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
                /* Copy BLOBHEADER across, decrypt rest */
                memcpy(enctmp, p, 8);
                p += 8;
+               if (keylen < 8)
+                       {
+                       PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
+                       return NULL;
+                       }
                inlen = keylen - 8;
                q = enctmp + 8;
                if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))