Permalink
Browse files

Avoid a potential NULL pointer dereference in d2i_ECPrivateKey().

Reported by Robert Swiecki, who found the issue using honggfuzz.

ok bcook@
  • Loading branch information...
4a6f656c committed May 26, 2017
1 parent 1bcb5a7 commit c80d04452814d5b0e397817ce4ed34edb4eb520d
Showing with 7 additions and 1 deletion.
  1. +7 −1 lib/libcrypto/ec/ec_asn1.c
@@ -1,4 +1,4 @@
/* $OpenBSD: ec_asn1.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: ec_asn1.c,v 1.24 2017/05/26 16:32:14 jsing Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@@ -1390,8 +1390,14 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
ECerror(ERR_R_EC_LIB);
goto err;
}
pub_oct = ASN1_STRING_data(priv_key->publicKey);
pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
if (pub_oct == NULL || pub_oct_len <= 0) {
ECerror(EC_R_BUFFER_TOO_SMALL);
goto err;
}
/* save the point conversion form */
ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
if (!EC_POINT_oct2point(ret->group, ret->pub_key,

0 comments on commit c80d044

Please sign in to comment.