From f72a7ce8bc0a5c0866c6a848a7f54854d67aeba2 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Tue, 7 Aug 2018 06:21:43 +0200
Subject: Make EVP_PKEY_asn1_new() stricter with its input

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/6881)
---
crypto/asn1/ameth_lib.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
(limited to 'crypto')

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 43ddebba33..8f490718e1 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
 } else
 ameth->info = NULL;
 
+ /*
+ * One of the following must be true:
+ *
+ * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+ * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+ *
+ * Anything else is an error and may lead to a corrupt ASN1 method table
+ */
+ if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+ || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+ goto err;
+
+
 if (pem_str) {
 ameth->pem_str = BUF_strdup(pem_str);
 if (!ameth->pem_str)
--
cgit v1.2.3
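Review bot: The new rejection at `goto err;` is silent. A bad `pem_str`/`ASN1_PKEY_ALIAS` combination takes the same exit as the `BUF_strdup` failure just below it, so a caller registering a method presumably cannot tell a contract violation from an out-of-memory condition. The `err` label and the start of `EVP_PKEY_asn1_new` are outside the hunk, so whether that path already records anything is not visible; if it does not, queue an invalid-argument error before the jump. The commit touches only `ameth_lib.c`, so the constraint is stated only inside the function body; I would repeat it at the declaration, e.g. `/* pem_str must be NULL if and only if ASN1_PKEY_ALIAS is set in flags; any other combination returns NULL */`. As a smaller point, the test depends only on the arguments, so it could run before anything is allocated rather than after the `info` copy.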