From: Matt Caswell <matt@openssl.org>
Date: Fri, 13 Aug 2021 15:58:21 +0000 (+0100)
Subject: Check the plaintext buffer is large enough when decrypting SM2
X-Git-Tag: openssl-3.0.0~80
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad1ca777f9702f355a2f74dc5eed713476825f23;p=thirdparty%2Fopenssl.git

Check the plaintext buffer is large enough when decrypting SM2

Previously there was no check that the supplied buffer was large enough.
It was just assumed to be sufficient. Instead we should check and fail if
not.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
---

diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index 2c7264e42b6..e26b48390a9 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -312,6 +312,10 @@ int ossl_sm2_decrypt(const EC_KEY *key,
     C2 = sm2_ctext->C2->data;
     C3 = sm2_ctext->C3->data;
     msg_len = sm2_ctext->C2->length;
+    if (*ptext_len < (size_t)msg_len) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
+        goto done;
+    }
 
     ctx = BN_CTX_new_ex(libctx);
     if (ctx == NULL) {