summaryrefslogtreecommitdiff
path: root/lib/libcrypto/rsa
diff options
context:
space:
mode:
authorMiod Vallat <miod@cvs.openbsd.org>2014-07-09 09:07:01 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2014-07-09 09:07:01 +0000
commitba9ebd008376c1b090e93a91dd99d21f35565a66 (patch)
tree97bc4b6fdf921a5cbfda372c6cd09d9a169c9442 /lib/libcrypto/rsa
parent14f278acf602b0a7c2d4f0a39c6cbe660d30c0cd (diff)
Be more strict in RSA_padding_check_X931(), and thus avoid a possible
memcpy() with a negative size. ok tedu@
Diffstat (limited to 'lib/libcrypto/rsa')
-rw-r--r--lib/libcrypto/rsa/rsa_x931.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/rsa/rsa_x931.c b/lib/libcrypto/rsa/rsa_x931.c
index f22c50ba13f..c3305139f80 100644
--- a/lib/libcrypto/rsa/rsa_x931.c
+++ b/lib/libcrypto/rsa/rsa_x931.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_x931.c,v 1.3 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_x931.c,v 1.4 2014/07/09 09:07:00 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
@@ -135,7 +135,7 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
} else
j = flen - 2;
- if (p[j] != 0xCC) {
+ if (j < 0 || p[j] != 0xCC) {
RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
return -1;
}