author | Tomas Mraz <tomas@openssl.org> | 2021-05-24 18:47:45 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-05-26 13:04:38 +0200 |
commit | 07f65429c34cb581484371f7d45cb83815f95484 (patch) | |
tree | c5312e1a2a2790fc7bd625390f6f939399836d85 /crypto/pem | |
parent | b59b2f93a165f9e4ad6ed15ca8b22ff29296297f (diff) |
Fix possible infinite loop in pem_read_bio_key_decoder()
There could be an infinite loop if no read happened.
Fixes #15426
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15441)
Diffstat (limited to 'crypto/pem')
-rw-r--r-- | crypto/pem/pem_pkey.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index adbf8bcfe7..becf7e277c 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -36,6 +36,11 @@ static EVP_PKEY *pem_read_bio_key_decoder(BIO *bp, EVP_PKEY **x,
 {
 EVP_PKEY *pkey = NULL;
 OSSL_DECODER_CTX *dctx = NULL;
+ int pos, newpos;
+
+ if ((pos = BIO_tell(bp)) < 0)
+ /* We can depend on BIO_tell() thanks to the BIO_f_readbuffer() */
+ return NULL;
 dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, NULL, selection, libctx, propq);
@@ -50,8 +55,10 @@ static EVP_PKEY *pem_read_bio_key_decoder(BIO *bp, EVP_PKEY **x,
 goto err;
 while (!OSSL_DECODER_from_bio(dctx, bp) || pkey == NULL)
- if (BIO_eof(bp) != 0)
+ if (BIO_eof(bp) != 0 || (newpos = BIO_tell(bp)) < 0 || newpos <= pos)
 goto err;
+ else
+ pos = newpos;
 if (!evp_keymgmt_util_has(pkey, selection)) {
 EVP_PKEY_free(pkey); |
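Review bot: The comment in the first hunk sits between the unbraced `if ((pos = BIO_tell(bp)) < 0)` and its `return NULL;`, and it states a precondition that nothing visible in the hunk enforces. I would move it above the `if` and phrase it as a requirement on callers, for example `/* Callers must hand us a BIO on which BIO_tell() works, e.g. one wrapped in BIO_f_readbuffer() */`. As far as the hunk shows, this early return also pushes nothing onto the error queue, so a caller cannot tell "position unavailable" from "no key decoded"; raising an error here would help, if the `err` path later in the function does the same. The body of pem_read_bio_key_decoder() starts and continues outside the hunk, so the BIO_f_readbuffer() guarantee has to be confirmed in the callers.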
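Review bot: The loop's termination in the second hunk now depends on an `if`/`else` hanging off a brace-less `while`, which is easy to break in a later edit and would silently bring back the hang on malformed PEM input. Bracing the body and dropping the `else` makes the progress rule explicit: `while (...) {`, then `if (BIO_eof(bp) != 0 || (newpos = BIO_tell(bp)) < 0 || newpos <= pos) goto err;`, then `pos = newpos;` and `}`. A short comment such as `/* Give up unless the decoder consumed input, otherwise we would spin forever */` would record why `newpos <= pos` is an error. The diffstat lists only crypto/pem/pem_pkey.c, so no regression test for the no-read case from #15426 accompanies the fix; one should be added. Since `pos` is an `int`, it is worth confirming how BIO_tell() behaves on inputs beyond INT_MAX bytes.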