Fix EC_GROUP_new_from_ecparameters to check the base length

Check that there's at least one byte in params->base before trying to read it. CVE-2021-3712 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David Benjamin <davidben@google.com>
1 year ago · 030c5aba94
parent 7c038a6bcd
commit 030c5aba94
1 changed files with 2 additions and 1 deletions
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@ -699,7 +699,8 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)

    if (params->order == NULL
            || params->base == NULL
-            || params->base->data == NULL) {
+            || params->base->data == NULL
+            || params->base->length == 0) {
        ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR);
        goto err;
    }