git.ipfire.org Git - thirdparty/openssl.git/commit
Fix OOB read in EC_GROUP_new_from_params() with zero-length generator
author Harry Betts <harrybetts06@proton.me>
Sat, 9 May 2026 06:54:52 +0000 (16:54 +1000)
committer Eugene Syromiatnikov <esyr@openssl.org>
Mon, 11 May 2026 08:32:09 +0000 (10:32 +0200)
commit 2f3704f3b68485daaba5e9243bb8b13791ea023b
tree 1f9161f547eb7166b1b94520a61d34af22518a9c
parent 658181faa860aa3902b1f5e486e76d3b938ec342
Fix OOB read in EC_GROUP_new_from_params() with zero-length generator

When OSSL_PKEY_PARAM_EC_GENERATOR is provided as an octet string of
length 0, buf[0] is read before validating data_size, causing a
heap-buffer-overflow detectable under ASan.

Reject zero-length generator octet strings before the dereference.

CLA: trivial
Resolves: https://github.com/openssl/openssl/issues/31125
Fixes: c0f39ded68ba "Add Explicit EC parameter support to providers."
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Mon May 11 08:34:15 2026
(Merged from https://github.com/openssl/openssl/pull/31128)
crypto/ec/ec_lib.c
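
The ordering the commit message describes (validate the octet-string length, then read the first byte), as an added example that is not OpenSSL's code or the patch itself. The function, enum and sample names are hypothetical, and the SEC 1 form and length checks go beyond the zero-length case the commit fixes.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names, constructed for illustration; not OpenSSL code. */
enum gen_status { GEN_OK = 0, GEN_EMPTY, GEN_BAD_FORM, GEN_BAD_LEN };

/* Constructed samples: a form octet followed by 2 * 32 zero bytes. */
static const unsigned char sample_uncompressed[65] = { 0x04 };
static const unsigned char sample_bad_form[65] = { 0x09 };

/*
 * Check a SEC 1 point encoding of `len` bytes for a curve whose field
 * elements occupy `field_len` bytes. This is an encoding check only;
 * whether the point is an acceptable generator is decided elsewhere.
 */
enum gen_status check_generator_octets(const unsigned char *buf, size_t len,
                                       size_t field_len, unsigned char *form)
{
    /* Length first: with len == 0 there is no buf[0] to read. */
    if (buf == NULL || len == 0)
        return GEN_EMPTY;

    switch (buf[0]) {
    case 0x00:                          /* point at infinity */
        if (len != 1) return GEN_BAD_LEN;
        break;
    case 0x02: case 0x03:               /* compressed: form || X */
        if (len != 1 + field_len) return GEN_BAD_LEN;
        break;
    case 0x04: case 0x06: case 0x07:    /* uncompressed/hybrid: form || X || Y */
        if (len != 1 + 2 * field_len) return GEN_BAD_LEN;
        break;
    default:
        return GEN_BAD_FORM;
    }
    if (form != NULL)
        *form = buf[0];
    return GEN_OK;
}

int main(void)
{
    /* A zero-length octet string is rejected before any byte is read. */
    printf("empty: %d\n", check_generator_octets(sample_uncompressed, 0, 32, NULL));
    printf("uncompressed: %d\n", check_generator_octets(sample_uncompressed, 65, 32, NULL));
    printf("bad form: %d\n", check_generator_octets(sample_bad_form, 65, 32, NULL));
    return 0;
}
```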