diff options
| author | Dmitry-Me <wipedout@yandex.ru> | 2016-02-10 20:08:09 +0100 |
|---|---|---|
| committer | Kurt Roeckx <kurt@roeckx.be> | 2016-02-10 20:13:26 +0100 |
| commit | cc9c56894606fdf324933cd8090d9a54d967bf5b (patch) | |
| tree | 30c6d3bfeef6251454c99210825a5259c41518df /crypto | |
| parent | 01a2ade05d4fb5ece6f7574616055d81dd4e1a31 (diff) | |
Ensure allocation size fits into size_t
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #630
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/evp/scrypt.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c index 25b360e210..20e5dd4854 100644 --- a/crypto/evp/scrypt.c +++ b/crypto/evp/scrypt.c @@ -213,6 +213,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, unsigned char *B; uint32_t *X, *V, *T; uint64_t i, Blen, Vlen; + size_t allocsize; /* Sanity check parameters */ /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ @@ -242,7 +243,8 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, Blen = p * 128 * r; /* - * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t. + * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in + * uint64_t and also size_t (their sizes are unrelated). * This is combined size V, X and T (section 4) */ i = UINT64_MAX / (32 * sizeof(uint32_t)); @@ -253,11 +255,16 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, /* check total allocated size fits in uint64_t */ if (Blen > UINT64_MAX - Vlen) return 0; + /* check total allocated size fits in size_t */ + if (Blen > SIZE_MAX - Vlen) + return 0; + + allocsize = (size_t)(Blen + Vlen); if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; - if (Blen + Vlen > maxmem) { + if (allocsize > maxmem) { EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; } @@ -266,7 +273,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (key == NULL) return 1; - B = OPENSSL_malloc(Blen + Vlen); + B = OPENSSL_malloc(allocsize); if (B == NULL) return 0; X = (uint32_t *)(B + Blen); @@ -294,7 +301,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, BIO_dump_fp(stderr, (char *)key, keylen); #endif err: - OPENSSL_clear_free(B, Blen + Vlen); + OPENSSL_clear_free(B, allocsize); return rv; } #endif |