From 56edcd3374149e6c27331d45ead6cc4c1203ebfd Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 31 Aug 2022 09:38:00 +0000
Subject: Avoid some buffer overflows in ecdsatest

The ASN.1 encoding of the modified ECDSA signature can grow in size due to padding of the ASN.1 integers. Instead of reusing the same signature buffer freshly allocate it. Avoids some buffer overflows caught by ASAN.
---
 src/regress/lib/libcrypto/ecdsa/ecdsatest.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
index 45ffd91ab4..6cbe345d08 100644
--- a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsatest.c,v 1.11 2022/08/31 09:36:46 tb Exp $ */
+/* $OpenBSD: ecdsatest.c,v 1.12 2022/08/31 09:38:00 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -251,7 +251,8 @@ test_builtin(BIO *out)
 BIO_printf(out, ".");
 (void)BIO_flush(out);
 /* create signature */
- sig_len = ECDSA_size(eckey);
+ if ((sig_len = ECDSA_size(eckey)) == 0)
+ goto builtin_err;
 if ((signature = malloc(sig_len)) == NULL)
 goto builtin_err;
 if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
@@ -332,6 +333,12 @@ test_builtin(BIO *out) r = NULL; s = NULL; + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0) + goto builtin_err; + free(signature); + if ((signature = calloc(1, sig_len)) == NULL) + goto builtin_err; + sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len,
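Review bot: The `<= 0` test on `sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)` probably cannot catch a negative error return, both in the hunk at -332 and in the identical one at -349. `sig_len` is passed as `&sig_len` to ECDSA_sign() in the -251 hunk, which suggests it is an unsigned int (its declaration is outside the diff), so a -1 result would become a very large length and be handed to `calloc(1, sig_len)`. Take the result in a signed local first, e.g. `int len = i2d_ECDSA_SIG(ecdsa_sig, NULL);` followed by `if (len <= 0) goto builtin_err;`, and only then assign it to `sig_len`. The second call, `sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);`, stores its return value unchecked before ECDSA_verify() and would benefit from the same treatment. test_builtin's body starts and ends outside these hunks.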
@@ -349,6 +356,12 @@ test_builtin(BIO *out) r = NULL; s = NULL; + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0) + goto builtin_err; + free(signature); + if ((signature = calloc(1, sig_len)) == NULL) + goto builtin_err; + sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len, -- cgit v1.2.3-55-g6feb