diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-12-07 13:03:15 +0100 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-12-08 15:38:59 +0100 |
commit | a14715888bc4b5bd2b1da3f8ac7d4cabef8c9cb8 (patch) | |
tree | fa2df388429555b13597ebcaccf8ee44be053484 /crypto/rsa | |
parent | 8a8bc665626113005f39121d582fd96104fb84cf (diff) | |
download | openssl-a14715888bc4b5bd2b1da3f8ac7d4cabef8c9cb8.tar.gz |
Add missing range checks on number of multi primes in rsa_ossl_mod_exp
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4862)
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa_ossl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index ced11ad883..f7b5cdca2b 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -604,7 +604,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM]; + BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2]; int ret = 0, i, ex_primes = 0; RSA_PRIME_INFO *pinfo; @@ -618,7 +618,8 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; if (rsa->version == RSA_ASN1_VERSION_MULTI - && (ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0) + && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0 + || ex_primes > RSA_MAX_PRIME_NUM - 2)) goto err; { |