Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
authorEmilia Kasper <emilia@openssl.org>
Mon, 25 Aug 2014 10:38:16 +0000 (12:38 +0200)
committerEmilia Kasper <emilia@openssl.org>
Wed, 27 Aug 2014 17:49:35 +0000 (19:49 +0200)
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
crypto/ec/ec_asn1.c

index 26d6360..52d31c2 100644 (file)
@@ -1195,14 +1195,20 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
        if (priv_key->publicKey)
                {
                const unsigned char *pub_oct;
-               size_t pub_oct_len;
+               int pub_oct_len;
 
                pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
                pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
-               /* save the point conversion form */
+               /* The first byte - point conversion form - must be present. */
+                if (pub_oct_len <= 0)
+                       {
+                       ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
+                       goto err;
+                       }
+               /* Save the point conversion form. */
                ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
                if (!EC_POINT_oct2point(ret->group, ret->pub_key,
-                       pub_oct, pub_oct_len, NULL))
+                                       pub_oct, (size_t)(pub_oct_len), NULL))
                        {
                        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
                        goto err;