author | Bob Beck <beck@cvs.openbsd.org> | 2016-03-02 05:02:36 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2016-03-02 05:02:36 +0000 |
commit | 94b9474758820044f3484ee744915f6abced6d7e (patch) | |
tree | d84917654d4311f2152deda21007146f18dc8318 /lib/libssl | |
parent | 7fa21becbd63c1496be4e89ab16d8b1b958c1066 (diff) |
bound lengths coming out of a pem file to something like reality
ok deraadt@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/src/crypto/pem/pvkfmt.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/libssl/src/crypto/pem/pvkfmt.c b/lib/libssl/src/crypto/pem/pvkfmt.c
index f5a9de39fc7..c3fd0e8d0a4 100644
--- a/lib/libssl/src/crypto/pem/pvkfmt.c
+++ b/lib/libssl/src/crypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.14 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.15 2016/03/02 05:02:35 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
@@ -681,6 +681,10 @@ do_PVK_header(const unsigned char **in, unsigned int length, int skip_magic,
 is_encrypted = read_ledword(&p);
 *psaltlen = read_ledword(&p);
 *pkeylen = read_ledword(&p);
+ if (*psaltlen > 65536 || *pkeylen > 65536) {
+ PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+ return 0;
+ }
 if (is_encrypted && !*psaltlen) {
 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
@@ -796,7 +800,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
 {
 unsigned char pvk_hdr[24], *buf = NULL;
 const unsigned char *p;
- int buflen;
+ size_t buflen;
 EVP_PKEY *ret = NULL;
 unsigned int saltlen, keylen;
@@ -808,7 +812,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
 return 0;
- buflen = (int) keylen + saltlen;
+ buflen = keylen + saltlen;
 buf = malloc(buflen);
 if (!buf) {
 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); |
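Review bot: The new cap in do_PVK_header, `if (*psaltlen > 65536 || *pkeylen > 65536)`, repeats a bare literal and records neither why that bound was chosen nor that both lengths are read straight from the file header. A named constant plus a one-line comment such as `/* lengths come from the untrusted PVK header; cap them before they size an allocation */` would make the intent reviewable. The check is an upper bound only: a zero `*pkeylen` still passes, and the visible follow-up test rejects only a zero salt on encrypted keys, so whether a zero key length is handled later cannot be confirmed from this hunk. The function body starts and continues outside the hunk.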
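Review bot: `buflen = keylen + saltlen;` in b2i_PVK_bio is still evaluated in `unsigned int` and only then widened to `size_t`, so it is wrap-free only because do_PVK_header now caps both operands at 65536. That dependency lives in another function; either widen explicitly with `buflen = (size_t)keylen + saltlen;` or add a comment beside the addition naming the cap it relies on. The `size_t buflen;` declaration in the previous hunk also changes the type seen by every later use of buflen, which lies outside these hunks, so any comparison against a signed return value or call taking an `int` length there should be rechecked. If both header lengths are zero this becomes `malloc(0)`, whose result is implementation-defined and may be reported here as an allocation failure.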