author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2022-05-21 08:03:14 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2022-05-24 11:43:59 +0200 |
commit | 094304c5ef120f69e2bd2ff297515a91f348ace1 (patch) | |
tree | bd798159ad6e0041096ade4aa786775371991b13 /crypto/ec | |
parent | b8e87e8ff33ed5c0325101ce6b1a6a01c80611f7 (diff) | |
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18365)
(cherry picked from commit 97de6145851922a33f7afd9c308adfc1b2e5732b)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_asn1.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 6323131a22..60550c7539 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -687,6 +687,16 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
 /* extract seed (optional) */
 if (params->curve->seed != NULL) {
+ /*
+ * This happens for instance with
+ * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
+ * and causes the OPENSSL_malloc below to choke on the
+ * zero length allocation request.
+ */
+ if (params->curve->seed->length == 0) {
+ ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR);
+ goto err;
+ }
 OPENSSL_free(ret->seed);
 if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); |
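Review bot: The comment added above the `params->curve->seed->length == 0` check opens with "This happens" but never says what "this" is, because the sentence was carried over from the commit message; someone reading ec_asn1.c has to infer that it means a seed that is present but empty. I would word it as `/* A seed that is present but empty (e.g. fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a) would make the OPENSSL_malloc below a zero-length request, so reject it as malformed. */`. The check also turns an empty optional seed in decoded ASN.1 into a hard failure with EC_R_ASN1_ERROR rather than treating it as absent, which looks deliberate but is worth stating in that comment so the choice is not later mistaken for an oversight. EC_GROUP_new_from_ecparameters starts and ends outside the hunk, so what the `err` label releases is not visible here.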