From: Matt Caswell <matt@openssl.org>
Date: Thu, 19 Aug 2021 11:24:17 +0000 (+0100)
Subject: Fix EC_GROUP_new_from_ecparameters to check the base length
X-Git-Tag: openssl-3.0.0~85
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=030c5aba94788f152f9ceef3549815df45bef702;p=thirdparty%2Fopenssl.git

Fix EC_GROUP_new_from_ecparameters to check the base length

Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
---

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 0e37b21ac39..b3a791eb645 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -699,7 +699,8 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
 
     if (params->order == NULL
             || params->base == NULL
-            || params->base->data == NULL) {
+            || params->base->data == NULL
+            || params->base->length == 0) {
         ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR);
         goto err;
     }