when exporting curve coordinates to X9.63 format, perform additional sanity checks...
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 31 Oct 2014 09:00:32 +0000 (10:00 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 9 Nov 2014 22:02:45 +0000 (23:02 +0100)
Reported by Sean Burford.

lib/gnutls_ecc.c

index 847f0d2e85760f9c36696c731a27687a7b84bcfe..aa6399b5dfd8a3027a9c1979dcfa1a805be40342 100644 (file)
@@ -53,6 +53,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
 
        /* pad and store x */
        byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
+       if (numlen < byte_size) {
+               ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+               goto cleanup;
+       }
+
        size = out->size - (1 + (numlen - byte_size));
        ret =
            _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
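Review bot: The new guard before the x write carries no comment naming the invariant it protects, and the condition alone does not make that obvious. When `byte_size` exceeds `numlen`, the offset `1 + (numlen - byte_size)` used to index `out->data` drops below 1 and the `size` handed to `_gnutls_mpi_print` exceeds what is left in the buffer, so I would put `/* x must fit in numlen bytes; otherwise the padding offset below goes negative and the write starts outside out->data */` above the check, with the matching comment for y in the second hunk. The declarations of `numlen` and `byte_size` are outside the hunk; the comparison is only sound if both have the same signedness, which is worth confirming. The function body and the `cleanup` label also lie outside the hunk.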
@@ -63,6 +68,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
        }
 
        byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
+       if (numlen < byte_size) {
+               ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+               goto cleanup;
+       }
+
        size = out->size - (1 + (numlen + numlen - byte_size));
        ret =
            _gnutls_mpi_print(y,
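Review bot: By the time this guard rejects an oversized y, the x coordinate has already been printed into `out->data`, so the error path leaves a partially filled buffer unless `cleanup` discards it; that label is outside the hunk, so I cannot confirm it does. Computing both byte sizes first and rejecting with a single `if (numlen < x_bytes || numlen < y_bytes)` before either `_gnutls_mpi_print` call would remove the duplicated five-line block and leave the output untouched on failure. The enclosing function continues past the end of this hunk.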