From: Daniel Fiala Date: Mon, 11 Apr 2022 19:58:31 +0000 (+0200) Subject: Do a prelimary check for numbers in openssl prime command. X-Git-Tag: openssl-3.2.0-alpha1~2755 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b74fdcf1d5eb311e44b7eaa293df6caf54ae70b;p=thirdparty%2Fopenssl.git Do a prelimary check for numbers in openssl prime command. Fixes openssl#16241. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18092)
---
diff --git a/apps/prime.c b/apps/prime.c
index 190254d90e4..49c4b1a2bfb 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -19,6 +19,23 @@ typedef enum OPTION_choice {
 OPT_PROV_ENUM
 } OPTION_CHOICE;
+static int check_num(const char *s, const int is_hex)
+{
+ int i;
+ /*
+ * It would make sense to use ossl_isxdigit and ossl_isdigit here,
+ * but ossl_ctype_check is a local symbol in libcrypto.so.
+ */
+ if (is_hex) {
+ for (i = 0; ('0' <= s[i] && s[i] <= '9')
+ || ('A' <= s[i] && s[i] <= 'F')
+ || ('a' <= s[i] && s[i] <= 'f'); i++);
+ } else {
+ for (i = 0; '0' <= s[i] && s[i] <= '9'; i++);
+ }
+ return s[i] == 0;
+}
+
 const OPTIONS prime_options[] = {
 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
@@ -117,12 +134,10 @@ opthelp:
 OPENSSL_free(s);
 } else {
 for ( ; *argv; argv++) {
- int r;
+ int r = check_num(argv[0], hex);
- if (hex)
- r = BN_hex2bn(&bn, argv[0]);
- else
- r = BN_dec2bn(&bn, argv[0]);
+ if (r)
+ r = hex ? BN_hex2bn(&bn, argv[0]) : BN_dec2bn(&bn, argv[0]);
 if (!r) {
 BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
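Review bot: check_num() returns 1 for an empty string, because both loops stop at `i == 0` and `s[0] == 0` is then true, so the pre-check by itself does not reject `""`; that case is left to BN_hex2bn()/BN_dec2bn(), whose behaviour is not visible in this hunk. Making the validator self-contained is a one-line change: `return i > 0 && s[i] == '\0';`. The two `for (...; i++);` loops with an empty body on the same line are easy to misread as guarding the statement that follows; a `continue;` on its own line would make the empty body deliberate. A short header comment such as `/* Returns 1 if s consists only of decimal (or, when is_hex, hexadecimal) digits, 0 otherwise. */` would state the contract.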
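Review bot: `r` is reused for two different things in the loop, first the 0/1 result of check_num() and then the return value of BN_hex2bn()/BN_dec2bn(), and the only test applied afterwards is `if (!r)`, so the call site relies entirely on the pre-check to catch trailing non-digit characters. A comment above the declaration would record that dependency, for example `/* Validate the whole argument first: the conversion result below is only tested for zero. */`. Malformed input and a failed conversion also share the single "Failed to process value" message, so the two causes cannot be told apart from the error output. The loop body continues past the end of the hunk.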