From 720093129ad69d2a77212615d73b17427db35a01 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 31 Aug 2022 09:33:39 +0000 Subject: [PATCH] Avoid some buffer overflows in ecdsatest The ASN.1 encoding of the modified ECDSA signature can grow in size due to padding of the ASN.1 integers. Instead of reusing the same signature buffer freshly allocate it. Avoids some buffer overflows caught by ASAN. --- regress/lib/libcrypto/ecdsa/ecdsatest.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/regress/lib/libcrypto/ecdsa/ecdsatest.c b/regress/lib/libcrypto/ecdsa/ecdsatest.c index 683260aeeef..5e2419a91fc 100644 --- a/regress/lib/libcrypto/ecdsa/ecdsatest.c +++ b/regress/lib/libcrypto/ecdsa/ecdsatest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsatest.c,v 1.9 2022/03/31 09:36:09 tb Exp $ */ +/* $OpenBSD: ecdsatest.c,v 1.10 2022/08/31 09:33:39 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -251,7 +251,8 @@ test_builtin(BIO *out) BIO_printf(out, "."); (void)BIO_flush(out); /* create signature */ - sig_len = ECDSA_size(eckey); + if ((sig_len = ECDSA_size(eckey)) == 0) + goto builtin_err; if ((signature = malloc(sig_len)) == NULL) goto builtin_err; if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { @@ -332,8 +333,13 @@ test_builtin(BIO *out) r = NULL; s = NULL; + free(signature); + signature = NULL; + sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2)) <= 0) + goto builtin_err; + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); @@ -349,8 +355,12 @@ test_builtin(BIO *out) r = NULL; s = NULL; + free(signature); + signature = NULL; + sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2)) <= 0) + goto builtin_err; if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); -- 2.20.1