Iterate over EC_GROUP's poly array in a safe way

Prevent that memory beyond the last element is accessed if every element of group->poly[] is non-zero Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2689) (cherry picked from commit 57f48f939ed5d3119e3c691ea0a8a3ac2f4a1a9e)
author: Rich Salz <rsalz@openssl.org> 2017-02-22 13:11:08 -0500
committer: Rich Salz <rsalz@openssl.org> 2017-02-22 13:16:09 -0500
commit: ea63fdda830b883314e163283e90db66ec3b7876 (patch)
tree: 27f64a4a69cc9a45271c96c92094449df50e0838 /crypto/ec
parent: 90670b54c493c04c830ac38e9cfd7acf8fac4012 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 33abf61f44..e3295c4a14 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -64,15 +64,18 @@
 
 int EC_GROUP_get_basis_type(const EC_GROUP *group)
 {
-    int i = 0;
+    int i;
 
     if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
         NID_X9_62_characteristic_two_field)
         /* everything else is currently not supported */
         return 0;
 
-    while (group->poly[i] != 0)
-        i++;
+    /* Find the last non-zero element of group->poly[] */
+    for (i = 0;
+         i < (int)OSSL_NELEM(group->poly) & group->poly[i] != 0;
+         i++)
+        continue;
 
     if (i == 4)
         return NID_X9_62_ppBasis;
author	Rich Salz <rsalz@openssl.org>	2017-02-22 13:11:08 -0500
committer	Rich Salz <rsalz@openssl.org>	2017-02-22 13:16:09 -0500
commit	ea63fdda830b883314e163283e90db66ec3b7876 (patch)
tree	27f64a4a69cc9a45271c96c92094449df50e0838 /crypto/ec
parent	90670b54c493c04c830ac38e9cfd7acf8fac4012 (diff)