From 0da76a9548849eb542ab090dc5eace7a2be789cb Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 30 Sep 2025 12:51:16 +0000
Subject: cms: fix incorrect length check in kek_unwrap_key()

An incorrect length check can result in a 4-byte overwrite and an
8-byte overread.

From Stanislav Fort and Viktor Dukhovni via OpenSSL.
CVE-2025-9230.

ok jsing
---
 src/lib/libcrypto/cms/cms_pwri.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index 99def8a215..f64f4ab68c 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.34 2025/09/30 12:49:34 tb Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.35 2025/09/30 12:51:16 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -267,7 +267,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
 		/* Check byte failure */
 		goto err;
 	}
-	if (inlen < (size_t)(tmp[0] - 4)) {
+	if (inlen < 4 + (size_t)tmp[0]) {
 		/* Invalid length value */
 		goto err;
 	}
-- 
cgit v1.2.3-55-g6feb