cms: fix incorrect length check in kek_unwrap_key()HEADmaster

An incorrect length check can result in a 4-byte overwrite and an
8-byte overread.

From Stanislav Fort and Viktor Dukhovni via OpenSSL.
CVE-2025-9230.

ok jsing

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index 99def8a215..f64f4ab68c 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.34 2025/09/30 12:49:34 tb Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.35 2025/09/30 12:51:16 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -267,7 +267,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
                 /* Check byte failure */
                 goto err;
         }
-        if (inlen < (size_t)(tmp[0] - 4)) {
+        if (inlen < 4 + (size_t)tmp[0]) {
                 /* Invalid length value */
                 goto err;
         }