[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Dr. Stephen Henson steve at openssl.org
Fri Mar 4 01:26:34 UTC 2016 

The branch OpenSSL_1_0_2-stable has been updated
       via  df14e5023743bde0ed2860817729cee61fab3662 (commit)
      from  dd8518214f97041411ad2af93fd3add4f0886b64 (commit)


- Log -----------------------------------------------------------------
commit df14e5023743bde0ed2860817729cee61fab3662
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Mar 3 23:37:36 2016 +0000

    Sanity check PVK file fields.
    
    PVK files with abnormally large length or salt fields can cause an
    integer overflow which can result in an OOB read and heap corruption.
    However this is an rarely used format and private key files do not
    normally come from untrusted sources the security implications not
    significant.
    
    Fix by limiting PVK length field to 100K and salt to 10K: these should be
    more than enough to cover any files encountered in practice.
    
    Issue reported by Guido Vranken.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 5f57abe2b150139b8b057313d52b1fe8f126c952)

-----------------------------------------------------------------------

Summary of changes:
 crypto/pem/pvkfmt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 82d4527..6186446 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -131,6 +131,10 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
 # define MS_PVKMAGIC             0xb0b5f11eL
 /* Salt length for PVK files */
 # define PVK_SALTLEN             0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN          102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN         10240
 
 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
                          unsigned int bitlen, int ispub);
@@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
     *psaltlen = read_ledword(&p);
     *pkeylen = read_ledword(&p);
 
+    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+        return 0;
+
     if (is_encrypted && !*psaltlen) {
         PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
         return 0;

More information about the openssl-commits mailing list