author | Rich Salz <rsalz@openssl.org> | 2017-02-22 13:11:08 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-02-22 13:13:03 -0500 |
commit | 57f48f939ed5d3119e3c691ea0a8a3ac2f4a1a9e (patch) | |
tree | a473953723e0ea07294292ba1e3ca37824649f97 | |
parent | 5c80e2af3a7d8aa5129a1668c286c1464983e1ac (diff) |
Iterate over EC_GROUP's poly array in a safe way
Prevent that memory beyond the last element is accessed if every element
of group->poly[] is non-zero
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2689)
-rw-r--r-- | crypto/ec/ec_asn1.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 4f4d1edf0e..b6b13d3c10 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -15,15 +15,18 @@ int EC_GROUP_get_basis_type(const EC_GROUP *group) { - int i = 0; + int i; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != NID_X9_62_characteristic_two_field) /* everything else is currently not supported */ return 0; - while (group->poly[i] != 0) - i++; + /* Find the last non-zero element of group->poly[] */ + for (i = 0; + i < (int)OSSL_NELEM(group->poly) & group->poly[i] != 0; + i++) + continue; if (i == 4) return NID_X9_62_ppBasis; |
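Review bot: in the new `for` condition as shown, `i < (int)OSSL_NELEM(group->poly) & group->poly[i] != 0` joins the bounds test and the element test with bitwise `&`, which does not short-circuit. `group->poly[i]` is therefore still evaluated when `i` equals the array length, so the read past the last element that the commit message sets out to prevent can still happen when every element is non-zero. Use `&&` so the element is read only after the bound check has passed. Separately, the added comment says the loop finds the last non-zero element, but what it leaves in `i` is the index of the first zero element (or the array length if there is none), which is the value the following `if (i == 4)` test compares; the comment should say that.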