From: tb <tb@openbsd.org>
Date: Wed, 31 Aug 2022 09:38:00 +0000 (+0000)
Subject: Avoid some buffer overflows in ecdsatest
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f430d62b4fe075df6845f568cfe89f342a413eae;p=openbsd

Avoid some buffer overflows in ecdsatest

The ASN.1 encoding of the modified ECDSA signature can grow in size due to
padding of the ASN.1 integers. Instead of reusing the same signature buffer
freshly allocate it. Avoids some buffer overflows caught by ASAN.
---

diff --git a/regress/lib/libcrypto/ecdsa/ecdsatest.c b/regress/lib/libcrypto/ecdsa/ecdsatest.c
index 45ffd91ab40..6cbe345d08e 100644
--- a/regress/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/regress/lib/libcrypto/ecdsa/ecdsatest.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ecdsatest.c,v 1.11 2022/08/31 09:36:46 tb Exp $	*/
+/*	$OpenBSD: ecdsatest.c,v 1.12 2022/08/31 09:38:00 tb Exp $	*/
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -251,7 +251,8 @@ test_builtin(BIO *out)
 		BIO_printf(out, ".");
 		(void)BIO_flush(out);
 		/* create signature */
-		sig_len = ECDSA_size(eckey);
+		if ((sig_len = ECDSA_size(eckey)) == 0)
+			goto builtin_err;
 		if ((signature = malloc(sig_len)) == NULL)
 			goto builtin_err;
 		if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
@@ -332,6 +333,12 @@ test_builtin(BIO *out)
 		r = NULL;
 		s = NULL;
 
+		if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0)
+			goto builtin_err;
+		free(signature);
+		if ((signature = calloc(1, sig_len)) == NULL)
+			goto builtin_err;
+
 		sig_ptr2 = signature;
 		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
 		if (ECDSA_verify(0, digest, 20, signature, sig_len,
@@ -349,6 +356,12 @@ test_builtin(BIO *out)
 		r = NULL;
 		s = NULL;
 
+		if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0)
+			goto builtin_err;
+		free(signature);
+		if ((signature = calloc(1, sig_len)) == NULL)
+			goto builtin_err;
+
 		sig_ptr2 = signature;
 		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
 		if (ECDSA_verify(0, digest, 20, signature, sig_len,