diff options
author | Matt Caswell <matt@openssl.org> | 2021-08-19 12:24:17 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-08-24 14:22:07 +0100 |
commit | 030c5aba94788f152f9ceef3549815df45bef702 (patch) | |
tree | 6b34d4a9be50b30914d202c540cc0f87aacab3a4 /crypto/ec | |
parent | 7c038a6bcd98d4bbfd2c2892a87a1138d2f7c5f3 (diff) |
Fix EC_GROUP_new_from_ecparameters to check the base length
Check that there's at least one byte in params->base before trying to
read it.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_asn1.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 0e37b21ac3..b3a791eb64 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -699,7 +699,8 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) if (params->order == NULL || params->base == NULL - || params->base->data == NULL) { + || params->base->data == NULL + || params->base->length == 0) { ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); goto err; } |