projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8a8bc66)
Add missing range checks on number of multi primes in rsa_ossl_mod_exp
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Thu, 7 Dec 2017 12:03:15 +0000 (13:03 +0100)
committerBernd Edlinger <bernd.edlinger@hotmail.de>
Fri, 8 Dec 2017 14:38:59 +0000 (15:38 +0100)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4862)

crypto/rsa/rsa_ossl.c patch | blob | history

diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index ced11ad883c98e17b53e073e4da63c5010d5f0ea..f7b5cdca2bd2046210b37e0da42ef1a3e9883aab 100644 (file)
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -604,7 +604,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
 
 static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 {
-    BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM];
+    BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2];
     int ret = 0, i, ex_primes = 0;
     RSA_PRIME_INFO *pinfo;
 
@@ -618,7 +618,8 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         goto err;
 
     if (rsa->version == RSA_ASN1_VERSION_MULTI
-        && (ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0)
+        && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
+             || ex_primes > RSA_MAX_PRIME_NUM - 2))
         goto err;
 
     {
Unnamed repository; edit this file 'description' to name the repository.