From: tb Date: Mon, 1 Jan 2024 18:33:04 +0000 (+0000) Subject: Fix bounds check in EVP_PKEY_CTX_get_keygen_info() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7054f42f47971eb9b8f8ee3c8e95f9aaa30a3eb4;p=openbsd Fix bounds check in EVP_PKEY_CTX_get_keygen_info() Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily. ok miod --- diff --git a/lib/libcrypto/evp/pmeth_gn.c b/lib/libcrypto/evp/pmeth_gn.c index c91076b8db2..ce7b107c7ad 100644 --- a/lib/libcrypto/evp/pmeth_gn.c +++ b/lib/libcrypto/evp/pmeth_gn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_gn.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */ +/* $OpenBSD: pmeth_gn.c,v 1.15 2024/01/01 18:33:04 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -197,7 +197,7 @@ EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) { if (idx == -1) return ctx->keygen_info_count; - if (idx < 0 || idx > ctx->keygen_info_count) + if (idx < 0 || idx >= ctx->keygen_info_count) return 0; return ctx->keygen_info[idx]; }