root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Iterate over EC_GROUP's poly array in a safe way 

Prevent that memory beyond the last element is accessed if every element
of group->poly[] is non-zero

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2689)
This commit is contained in:
Rich Salz 2017-02-22 13:11:08 -05:00
parent 5c80e2af3a
commit 57f48f939e
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/ec/ec_asn1.c
View File

@ -15,15 +15,18 @@
int EC_GROUP_get_basis_type(const EC_GROUP *group) int EC_GROUP_get_basis_type(const EC_GROUP *group)
{ {
int i = 0; int i;
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
NID_X9_62_characteristic_two_field) NID_X9_62_characteristic_two_field)
/* everything else is currently not supported */ /* everything else is currently not supported */
return 0; return 0;
while (group->poly[i] != 0) /* Find the last non-zero element of group->poly[] */
i++; for (i = 0;
i < (int)OSSL_NELEM(group->poly) & group->poly[i] != 0;
i++)
continue;
if (i == 4) if (i == 4)
return NID_X9_62_ppBasis; return NID_X9_62_ppBasis;