>From 45401d6b4297f4ace2cbc2f476cf44d1f7d8dd45 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 31 Oct 2014 10:00:32 +0100
Subject: [PATCH 1/2] when exporting curve coordinates to X9.63 format, perform
additional sanity checks on input
Reported by Sean Burford.
---
lib/gnutls_ecc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
index 847f0d2..aa6399b 100644
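--- a/lib/gnutls_ecc.c
+++ b/lib/gnutls_ecc.c
@@ -53,6 +53,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
 
 /* pad and store x */
 byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
+ if (numlen < byte_size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
 size = out->size - (1 + (numlen - byte_size));
 ret =
 _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
@@ -63,6 +68,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
 }
 
 byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
+ if (numlen < byte_size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
 size = out->size - (1 + (numlen + numlen - byte_size));
 ret =
 _gnutls_mpi_print(y,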
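Review bot: The new `if (numlen < byte_size)` guard before the x coordinate is stored, and its identical copy before y in the second hunk, has no comment saying what it protects, so a later cleanup could mistake it for a redundant check. Without it, a coordinate wider than the curve size makes `numlen - byte_size` negative (or wraps, if the types are unsigned), and that value feeds both the `size` computation and the offset into `out->data` handed to `_gnutls_mpi_print`. A comment above each check, such as `/* coordinate must fit in numlen bytes; otherwise the padding offset below goes out of range */`, would record that. The declarations of `numlen` and `byte_size` are outside the hunk, so it is worth confirming they share signedness and width, since a mixed signed/unsigned comparison would weaken the guard. The `cleanup` label is also outside the hunk, so whether `out` is released on this error path cannot be verified from here.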
--
2.0.0