Fix EC_GROUP_new_from_ecparameters to check the base length
Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
mattcaswell committed Aug 24, 2021
1 parent 2d0e5d4 commit 94d23fc
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion crypto/ec/ec_asn1.c
Expand Up @@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
ret->seed_len = params->curve->seed->length;
}

if (!params->order || !params->base || !params->base->data) {
if (params->order == NULL
|| params->base == NULL
|| params->base->data == NULL
|| params->base->length == 0) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
goto err;
}
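
Review bot: The new `params->base->length == 0` condition, last in the rewritten `if`, has no comment naming the read it protects, and with only crypto/ec/ec_asn1.c changed there is no regression test for an ECPARAMETERS whose base is present but empty. A short comment saying that at least one byte of base is read after this point (as the commit message explains) would keep the condition from being dropped in a later cleanup. The check also guarantees only a single readable byte, so any later access beyond the first byte of `params->base->data` should be bounded by `params->base->length` too. A test that passes a zero-length base and expects EC_R_ASN1_ERROR would pin the behaviour.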

3 comments on commit 94d23fc

@Kps4444

This comment was marked as spam.

@ayang05 ayang05 commented on 94d23fc Dec 25, 2021

The solution does not match the description of CVE-2021-3712; for example, does the X509_get1_email() function still have the problem? @Kps4444

@t8m (Member) commented on 94d23fc Dec 28, 2021

@ayang05 Please note there are multiple commits associated with fixing CVE-2021-3712.
