[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Fri Mar 4 01:25:15 UTC 2016
The branch master has been updated
via 5f57abe2b150139b8b057313d52b1fe8f126c952 (commit)
from 0b2fc9286f84d12f2f103b0d29c9e6e1e2a6bf87 (commit)
- Log -----------------------------------------------------------------
commit 5f57abe2b150139b8b057313d52b1fe8f126c952
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Mar 3 23:37:36 2016 +0000
Sanity check PVK file fields.
PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is an rarely used format and private key files do not
normally come from untrusted sources the security implications not
significant.
Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.
Issue reported by Guido Vranken.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pvkfmt.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 2cd7903..117d2b7 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -119,6 +119,10 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
# define MS_PVKMAGIC 0xb0b5f11eL
/* Salt length for PVK files */
# define PVK_SALTLEN 0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN 102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN 10240
static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub);
@@ -608,6 +612,9 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
*psaltlen = read_ledword(&p);
*pkeylen = read_ledword(&p);
+ if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+ return 0;
+
if (is_encrypted && !*psaltlen) {
PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
return 0;
More information about the openssl-commits
mailing list