From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu, 11 Sep 2025 16:10:12 +0000 (+0200)
Subject: kek_unwrap_key(): Fix incorrect check of unwrapped key size
X-Git-Tag: openssl-3.0.18~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def;p=thirdparty%2Fopenssl.git

kek_unwrap_key(): Fix incorrect check of unwrapped key size

Fixes CVE-2025-9230

The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
---

diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index d5c3c8d399d..33a7ccaa76a 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -229,7 +229,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
         /* Check byte failure */
         goto err;
     }
-    if (inlen < (size_t)(tmp[0] - 4)) {
+    if (inlen < 4 + (size_t)tmp[0]) {
         /* Invalid length value */
         goto err;
     }