diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-31 20:56:22 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-08-06 20:41:24 +0100 |
commit | 53348780e9936f49b4ced7459e32d0bebbf9e8fa (patch) | |
tree | e04451f4f9994b300b890e5b394fcb6d417c9bdb /crypto/srp | |
parent | f338c2e0c2ce1e89cf8eba2d38878081f46b9dce (diff) |
Fix SRP buffer overrun vulnerability.
Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.
Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Diffstat (limited to 'crypto/srp')
-rw-r--r-- | crypto/srp/srp_lib.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 7c1dcc5111..83d417a308 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -89,6 +89,9 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) int longg ; int longN = BN_num_bytes(N); + if (BN_ucmp(g, N) >= 0) + return NULL; + if ((tmp = OPENSSL_malloc(longN)) == NULL) return NULL; BN_bn2bin(N,tmp) ; @@ -121,6 +124,9 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) if ((A == NULL) ||(B == NULL) || (N == NULL)) return NULL; + if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0) + return NULL; + longN= BN_num_bytes(N); if ((cAB = OPENSSL_malloc(2*longN)) == NULL) |