diff options
| author | tb <> | 2024-01-01 18:33:04 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-01 18:33:04 +0000 |
| commit | 23a8a257fa7066fafd85ae4c43b6a88cbf37a9c7 (patch) | |
| tree | 425ef6fa1a717909769f40672bb3331213c27771 /src | |
| parent | 2e6798d72aacc305984338a9148dfe2ea6f1611f (diff) | |
| download | openbsd-23a8a257fa7066fafd85ae4c43b6a88cbf37a9c7.tar.gz openbsd-23a8a257fa7066fafd85ae4c43b6a88cbf37a9c7.tar.bz2 openbsd-23a8a257fa7066fafd85ae4c43b6a88cbf37a9c7.zip | |
Fix bounds check in EVP_PKEY_CTX_get_keygen_info()
Replace > with >= for the upper array bound to disallow a 4 byte
overread. For RSA you can read the padding mode and for DH past
the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use
this, so we can't kill it easily.
ok miod
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/evp/pmeth_gn.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c index c91076b8db..ce7b107c7a 100644 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ b/src/lib/libcrypto/evp/pmeth_gn.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pmeth_gn.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */ | 1 | /* $OpenBSD: pmeth_gn.c,v 1.15 2024/01/01 18:33:04 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -197,7 +197,7 @@ EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) | |||
| 197 | { | 197 | { |
| 198 | if (idx == -1) | 198 | if (idx == -1) |
| 199 | return ctx->keygen_info_count; | 199 | return ctx->keygen_info_count; |
| 200 | if (idx < 0 || idx > ctx->keygen_info_count) | 200 | if (idx < 0 || idx >= ctx->keygen_info_count) |
| 201 | return 0; | 201 | return 0; |
| 202 | return ctx->keygen_info[idx]; | 202 | return ctx->keygen_info[idx]; |
| 203 | } | 203 | } |