Make EVP_PKEY_asn1_new() stricter with its input

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6880)
author: Richard Levitte <levitte@openssl.org> 2018-08-07 04:55:47 +0200
committer: Richard Levitte <levitte@openssl.org> 2018-08-07 07:53:08 +0200
commit: 38eca7fed09a57c1b7a05d651af2c667b3e87719 (patch)
tree: f0f07d640bc646e7b603aff7fc21bb6d6a24c224 /crypto/asn1
parent: 3ef97bd8cbaa7cd8ac323978207606293a48ba0d (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 9b3274bc4e..9a1644148a 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -216,6 +216,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
             goto err;
     }
 
+    /*
+     * One of the following must be true:
+     *
+     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+     *
+     * Anything else is an error and may lead to a corrupt ASN1 method table
+     */
+    if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+          || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+        goto err;
+
     if (pem_str) {
         ameth->pem_str = OPENSSL_strdup(pem_str);
         if (!ameth->pem_str)
author	Richard Levitte <levitte@openssl.org>	2018-08-07 04:55:47 +0200
committer	Richard Levitte <levitte@openssl.org>	2018-08-07 07:53:08 +0200
commit	38eca7fed09a57c1b7a05d651af2c667b3e87719 (patch)
tree	f0f07d640bc646e7b603aff7fc21bb6d6a24c224 /crypto/asn1
parent	3ef97bd8cbaa7cd8ac323978207606293a48ba0d (diff)