generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix SRP buffer overrun vulnerability.

Browse Source 
Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-07-31 20:56:22 +01:00 committed by Matt Caswell
parent 83764a989d
commit 966fe81f9b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/srp/srp_lib.c
View File

@ -89,6 +89,9 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
int longg ;
int longN = BN_num_bytes(N);
if (BN_ucmp(g, N) >= 0)
return NULL;
if ((tmp = OPENSSL_malloc(longN)) == NULL)
return NULL;
BN_bn2bin(N,tmp) ;
@ -121,6 +124,9 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
if ((A == NULL) ||(B == NULL) || (N == NULL))
return NULL;
if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
return NULL;
longN= BN_num_bytes(N);
if ((cAB = OPENSSL_malloc(2*longN)) == NULL)