author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-11-10 07:44:11 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-11-10 07:44:11 +0100 |
commit | a737abecf1affa08469ca2e9804eb3b6e95027e9 (patch) | |
tree | 648e06f0ee1ac7e559d8ebeeb7e27965758b155f | |
parent | ca12b504084b3ce96023de8800a50b540e7705bf (diff) | |
download | gnutls-a737abecf1affa08469ca2e9804eb3b6e95027e9.tar.gz |
when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
Reported by Sean Burford.
-rw-r--r-- | lib/gnutls_ecc.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c index 774b5b6d10..abc532b8af 100644 --- a/lib/gnutls_ecc.c +++ b/lib/gnutls_ecc.c @@ -53,24 +53,41 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x, /* pad and store x */ byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8; + if (numlen < byte_size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + size = out->size - (1 + (numlen - byte_size)); ret = _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)], &size); - if (ret < 0) - return gnutls_assert_val(ret); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8; + if (numlen < byte_size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + size = out->size - (1 + (numlen + numlen - byte_size)); ret = _gnutls_mpi_print(y, &out->data[1 + numlen + numlen - byte_size], &size); - if (ret < 0) - return gnutls_assert_val(ret); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } /* pad and store y */ return 0; + cleanup: + _gnutls_free_datum(out); + return ret; } |
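Review bot: The bound passed to `_gnutls_mpi_print` for x, `out->size - (1 + (numlen - byte_size))`, still reaches past x's slot to the end of the buffer; the added `numlen < byte_size` checks only keep the offset from going negative. With `byte_size <= numlen` now established, setting `size = byte_size;` before each call would confine every write to its own coordinate slot. The new `cleanup:` path frees `out` on failure, so a comment such as `/* on failure out is released; callers must not use out->data afterwards */` at the label or in the function header would record that contract. The start of the function, including the declarations of `numlen` and `byte_size` and the allocation of `out`, is outside the hunk, so the signedness of the comparison and the exact buffer size are assumed here rather than checked.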