Fix EC_GROUP_new_from_ecparameters to check the base length

Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
master
Matt Caswell 1 year ago
parent 7c038a6bcd
commit 030c5aba94

@ -699,7 +699,8 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
if (params->order == NULL
|| params->base == NULL
|| params->base->data == NULL) {
|| params->base->data == NULL
|| params->base->length == 0) {
ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR);
goto err;
}

Loading…
Cancel
Save