diff options
author | Pauli <pauli@openssl.org> | 2022-03-16 14:57:24 +1100 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2022-04-03 12:55:50 +1000 |
commit | d93f33824888053ea935318556be402e286ab715 (patch) | |
tree | 364689ddef21d60eaaf3ccf80ab0ff4d94f5c3d1 /crypto | |
parent | 9cf57d2cdc2e390b0ad77088d0f0957f8fc0e86b (diff) |
Fix Coverity 1503096: out-of-bounds access
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17898)
(cherry picked from commit d1592f21c0d4c2c94a8c6004cf7b5cad2dcb2637)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/evp_enc.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index d0cf7d995f..19a07debd9 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -344,8 +344,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, case EVP_CIPH_CBC_MODE: n = EVP_CIPHER_CTX_get_iv_length(ctx); - if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv))) - return 0; + if (n < 0 || n > (int)sizeof(ctx->iv)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); + return 0; + } if (iv != NULL) memcpy(ctx->oiv, iv, n); memcpy(ctx->iv, ctx->oiv, n); @@ -355,8 +357,11 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, ctx->num = 0; /* Don't reuse IV for CTR mode */ if (iv != NULL) { - if ((n = EVP_CIPHER_CTX_get_iv_length(ctx)) <= 0) + n = EVP_CIPHER_CTX_get_iv_length(ctx); + if (n <= 0 || n > (int)sizeof(ctx->iv)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); return 0; + } memcpy(ctx->iv, iv, n); } break; |