Skip to content

Commit

Permalink
Avoid a potential NULL pointer dereference in d2i_ECPrivateKey().
Browse files Browse the repository at this point in the history
Reported by Robert Swiecki, who found the issue using honggfuzz.

ok bcook@
  • Loading branch information
4a6f656c committed May 26, 2017
1 parent 1bcb5a7 commit c80d044
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lib/libcrypto/ec/ec_asn1.c
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
/* $OpenBSD: ec_asn1.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: ec_asn1.c,v 1.24 2017/05/26 16:32:14 jsing Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
Expand Down Expand Up @@ -1390,8 +1390,14 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
ECerror(ERR_R_EC_LIB);
goto err;
}

pub_oct = ASN1_STRING_data(priv_key->publicKey);
pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
if (pub_oct == NULL || pub_oct_len <= 0) {
ECerror(EC_R_BUFFER_TOO_SMALL);
goto err;
}

/* save the point conversion form */
ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
if (!EC_POINT_oct2point(ret->group, ret->pub_key,
Expand Down

0 comments on commit c80d044

Please sign in to comment.