Ask for signature length before allocating a buffer.

This fixes a potential heap buffer overflow that may happen when a signature is longer than the private key, as with X9.62 ECDSA (pyca#609).
reaperhulk · Jul 20, 2017 · 36f8d81 · 36f8d81
1 parent 8cb1d25
commit 36f8d81
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
@@ -2801,9 +2801,13 @@ def sign(pkey, data, digest):
     _lib.EVP_SignInit(md_ctx, digest_obj)
     _lib.EVP_SignUpdate(md_ctx, data, len(data))
 
-    pkey_length = (PKey.bits(pkey) + 7) // 8
-    signature_buffer = _ffi.new("unsigned char[]", pkey_length)
-    signature_length = _ffi.new("unsigned int*")
+    # obtain the length of the signature.
+    signature_length = _ffi.new("unsigned int[]", 1)
+    len_result = _lib.EVP_SignFinal(
+        md_ctx, _ffi.NULL, signature_length, pkey._pkey)
+    _openssl_assert(len_result == 1)
+
+    signature_buffer = _ffi.new("unsigned char[]", signature_length[0])
     final_result = _lib.EVP_SignFinal(
         md_ctx, signature_buffer, signature_length, pkey._pkey)
     _openssl_assert(final_result == 1)