Check GOST parameters are not NULL (CVE-2012-0027)
authorDr. Stephen Henson <steve@openssl.org>
Wed, 4 Jan 2012 23:03:40 +0000 (23:03 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 4 Jan 2012 23:03:40 +0000 (23:03 +0000)
CHANGES
engines/ccgost/gost2001_keyx.c
engines/ccgost/gost94_keyx.c

diff --git a/CHANGES b/CHANGES
index 7c31ead..f310a75 100644 (file)
--- a/CHANGES
+++ b/CHANGES
   *) Add support for SCTP.
      [Robin Seggelmann <seggelmann@fh-muenster.de>]
 
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich@gmail.com>]
+
   *) Prevent malformed RFC3779 data triggering an assertion failure.
      Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
      and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
index 00759bc..c748102 100644 (file)
@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_l
                }
                
        param = get_encryption_params(gkt->key_agreement_info->cipher);
+    if(!param){
+        goto err;
+    }
+
        gost_init(&ctx,param->sblock);  
        OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
        memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
index 624be58..0d7d3ff 100644 (file)
@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len
                }
 
        param = get_encryption_params(gkt->key_agreement_info->cipher);
+    if(!param){
+        goto err;
+    }
+       
        gost_init(&cctx,param->sblock); 
        OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
        memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);