Fix SRP buffer overrun vulnerability.

Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for reporting this issue.
author: Dr. Stephen Henson <steve@openssl.org> 2014-07-31 20:56:22 +0100
committer: Matt Caswell <matt@openssl.org> 2014-08-06 20:41:24 +0100
commit: 53348780e9936f49b4ced7459e32d0bebbf9e8fa (patch)
tree: e04451f4f9994b300b890e5b394fcb6d417c9bdb /crypto/srp
parent: f338c2e0c2ce1e89cf8eba2d38878081f46b9dce (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 7c1dcc5111..83d417a308 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -89,6 +89,9 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
 	int longg ;
 	int longN = BN_num_bytes(N);
 
+	if (BN_ucmp(g, N) >= 0)
+		return NULL;
+
 	if ((tmp = OPENSSL_malloc(longN)) == NULL)
 		return NULL;
 	BN_bn2bin(N,tmp) ;
@@ -121,6 +124,9 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
 	if ((A == NULL) ||(B == NULL) || (N == NULL))
 		return NULL;
 
+	if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
+		return NULL;
+
 	longN= BN_num_bytes(N);
 
 	if ((cAB = OPENSSL_malloc(2*longN)) == NULL)
author	Dr. Stephen Henson <steve@openssl.org>	2014-07-31 20:56:22 +0100
committer	Matt Caswell <matt@openssl.org>	2014-08-06 20:41:24 +0100
commit	53348780e9936f49b4ced7459e32d0bebbf9e8fa (patch)
tree	e04451f4f9994b300b890e5b394fcb6d417c9bdb /crypto/srp
parent	f338c2e0c2ce1e89cf8eba2d38878081f46b9dce (diff)