From: Nikos Mavrogiannopoulos
Date: Fri, 31 Oct 2014 09:00:32 +0000 (+0100)
Subject: when exporting curve coordinates to X9.63 format, perform additional sanity checks...
X-Git-Tag: gnutls_3_4_0~653
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=470ade2a99ec5bcfb1b191b175bc1943aa50f359;p=thirdparty%2Fgnutls.git

when exporting curve coordinates to X9.63 format, perform additional sanity checks on input

Reported by Sean Burford.
---
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
index 847f0d2e85..aa6399b5df 100644
--- a/lib/gnutls_ecc.c
+++ b/lib/gnutls_ecc.c
@@ -53,6 +53,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
 /* pad and store x */
 byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
+ if (numlen < byte_size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
 size = out->size - (1 + (numlen - byte_size));
 ret = _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
@@ -63,6 +68,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
 }
 byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
+ if (numlen < byte_size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
 size = out->size - (1 + (numlen + numlen - byte_size));
 ret = _gnutls_mpi_print(y,
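Review bot: The new `numlen < byte_size` guard before the x write (and its twin in the second hunk, before the y write) has no comment saying what it protects, and that is the part a later reader most needs: when a coordinate is wider than the curve size, `numlen - byte_size` stops being a valid pad offset, yet it is used both to index `out->data` and to compute the `size` handed to `_gnutls_mpi_print`. I would put `/* coordinate must fit in numlen bytes, otherwise the pad offset below points outside out->data */` above each guard. The declarations of `numlen` and `byte_size` and the `cleanup` label are outside both hunks, so it is worth confirming that the two variables have the same signedness (a mixed comparison would change what the guard rejects) and that `cleanup` releases `out->data` on this new error path.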