when exporting curve coordinates to X9.63 format, perform additional sanity checks on input

Reported by Sean Burford.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-10-31 10:00:32 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-11-09 23:02:45 +0100
commit: 470ade2a99ec5bcfb1b191b175bc1943aa50f359 (patch)
tree: e26adb7c4ee6d077c1be8cdd81e683430b4d3bd8 /lib/gnutls_ecc.c
parent: 0ccf8761eeea721f3cb1e1d45fbebd3d86353d9c (diff)
download: gnutls-470ade2a99ec5bcfb1b191b175bc1943aa50f359.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
index 847f0d2e85..aa6399b5df 100644
--- a/lib/gnutls_ecc.c
+++ b/lib/gnutls_ecc.c
@@ -53,6 +53,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
 
 	/* pad and store x */
 	byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
+	if (numlen < byte_size) {
+		ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+		goto cleanup;
+	}
+
 	size = out->size - (1 + (numlen - byte_size));
 	ret =
 	    _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
@@ -63,6 +68,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
 	}
 
 	byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
+	if (numlen < byte_size) {
+		ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+		goto cleanup;
+	}
+
 	size = out->size - (1 + (numlen + numlen - byte_size));
 	ret =
 	    _gnutls_mpi_print(y,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-10-31 10:00:32 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-11-09 23:02:45 +0100
commit	470ade2a99ec5bcfb1b191b175bc1943aa50f359 (patch)
tree	e26adb7c4ee6d077c1be8cdd81e683430b4d3bd8 /lib/gnutls_ecc.c
parent	0ccf8761eeea721f3cb1e1d45fbebd3d86353d9c (diff)
download	gnutls-470ade2a99ec5bcfb1b191b175bc1943aa50f359.tar.gz