author | Alexandr Nedvedicky <sashan@openssl.org> | 2024-08-28 14:37:07 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-09-03 21:18:51 +0200 |
commit | bbe4571f570ec28b4709746b6d4d624ca5394cc6 (patch) | |
tree | f5f570daaa7d602c9fe0b329a7211a63085262dc | |
parent | s390x: Fix prehash-by-caller handling for ED25519 and ED448 (diff) | |
EVP_CIPHER_CTX_get_algor_params() may attempt to access params array
at position -1 (params[-1]).
The issue has been reported by coverity check.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25303)
-rw-r--r-- | crypto/evp/evp_lib.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 1aebd718f0..4440582e4f 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -1306,6 +1306,8 @@ int EVP_CIPHER_CTX_get_algor_params(EVP_CIPHER_CTX *ctx, X509_ALGOR *alg)
 i = 0;
 if (OSSL_PARAM_modified(¶ms[1]) && params[1].return_size != 0)
 i = 1;
+ if (i < 0)
+ goto err;
 /*
 * If alg->parameter is non-NULL, it will be changed by d2i_ASN1_TYPE()
@@ -1318,7 +1320,7 @@ int EVP_CIPHER_CTX_get_algor_params(EVP_CIPHER_CTX *ctx, X509_ALGOR *alg)
 derk = params[i].key;
 derl = params[i].return_size;
- if (i >= 0 && (der = OPENSSL_malloc(derl)) != NULL) {
+ if ((der = OPENSSL_malloc(derl)) != NULL) {
 unsigned char *derp = der;
 params[i] = OSSL_PARAM_construct_octet_string(derk, der, derl); |
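Review bot: The new guard `if (i < 0) goto err;` carries no comment saying when `i` can still be negative, and the initialisation of `i` lies outside this hunk, so a reader cannot tell from here that this is the case where neither parameter came back with a value. I would add a comment above it such as `/* Neither key was filled in: i is still negative and must not index params[] */`. The visible context only shows `i` being set to 0 or 1 after the `OSSL_PARAM_modified()` tests; presumably it starts at -1. The function body begins and ends outside the hunk, so what the `err` path returns is not visible here.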
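Review bot: `derl` is copied from `params[i].return_size` and handed to `OPENSSL_malloc(derl)` with no upper bound visible in this hunk, so the allocation size is whatever the cipher implementation reported. If the length is later narrowed to `int` for decoding (that code is outside the hunk), a check before the allocation, e.g. `if (derl > INT_MAX) goto err;`, would keep the buffer size and the decoded length in agreement. The block opened by this `if` continues past the end of the hunk.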