diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-29 02:21:50 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-29 02:21:50 +0900 |
commit | fbb5b7a6aee9a2afb7feb98885abedf066639f8a (patch) | |
tree | 26bb5e78bd5c14b1701b8a9ad3a6d381ce9bdc76 /crypto/pem/pvkfmt.c | |
parent | 814931e32985229c74c5309f805d62a859fa00a8 (diff) | |
parent | 7fb82d06746f7503323a7846448e095bf8f5ef9e (diff) | |
download | openssl-fbb5b7a6aee9a2afb7feb98885abedf066639f8a.tar.gz |
Merge branch 'OpenSSL_1_0_2-stable' of https://github.com/openssl/openssl into OpenSSL_1_0_2-stableOpenSSL_1_0_2-stable
* 'OpenSSL_1_0_2-stable' of https://github.com/openssl/openssl: (57 commits)
SRP_create_verifier does not check for NULL before OPENSSL_cleanse
Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
Fix a few leaks in X509_REQ_to_X509. Fix a possible leak on NETSCAPE_SPKI_verify failure.
Add basic test for Cisco DTLS1_BAD_VER and record replay handling
Fix ubsan 'left shift of negative value -1' error in satsub64be()
Fix SSL_export_keying_material() for DTLS1_BAD_VER
Fix the no-tls1 option
ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
Always use session_ctx when removing a session
Avoid overflow in MDC2_Update()
SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM
Fix no-ec
Sanity check ticket length.
mk1mf: dtlstest needs ssltestlib, include it with a hack
Don't check for malloc failure twice.
Fix overflow check in BN_bn2dec()
RT2676: Reject RSA eponent if even or 1
VMS: Use strict refdef extern model when building library object files
...
Diffstat (limited to 'crypto/pem/pvkfmt.c')
-rw-r--r-- | crypto/pem/pvkfmt.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 61864468f6..1ce5a1e319 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -127,6 +127,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) # define MS_KEYTYPE_KEYX 0x1 # define MS_KEYTYPE_SIGN 0x2 +/* Maximum length of a blob after header */ +# define BLOB_MAX_LENGTH 102400 + /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ # define MS_PVKMAGIC 0xb0b5f11eL /* Salt length for PVK files */ @@ -272,6 +275,10 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) return NULL; length = blob_length(bitlen, isdss, ispub); + if (length > BLOB_MAX_LENGTH) { + PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG); + return NULL; + } buf = OPENSSL_malloc(length); if (!buf) { PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); |