diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-10-31 10:00:32 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-11-09 23:03:09 +0100 |
| commit | e821e1908686657a45c1b735f6d077b7a8493e2b (patch) | |
| tree | 50c08128169c2d1bab58a0d6c4b2e8cb6ebbd6b3 | |
| parent | 15c20db9051adb4c9a68be0c01b5113828d18f01 (diff) | |
| download | gnutls-e821e1908686657a45c1b735f6d077b7a8493e2b.tar.gz | |
when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
Reported by Sean Burford.
| -rw-r--r-- | lib/gnutls_ecc.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c index 847f0d2e85..aa6399b5df 100644 --- a/lib/gnutls_ecc.c +++ b/lib/gnutls_ecc.c @@ -53,6 +53,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x, /* pad and store x */ byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8; + if (numlen < byte_size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + size = out->size - (1 + (numlen - byte_size)); ret = _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)], @@ -63,6 +68,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x, } byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8; + if (numlen < byte_size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + size = out->size - (1 + (numlen + numlen - byte_size)); ret = _gnutls_mpi_print(y, |