Commit 5ecf1141, authored by Dr. Stephen Henson

Sanity check keylength in PVK files.

PR#2277
Parent 75b76068
...@@ -759,6 +759,11 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, ...@@ -759,6 +759,11 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
/* Copy BLOBHEADER across, decrypt rest */ /* Copy BLOBHEADER across, decrypt rest */
memcpy(enctmp, p, 8); memcpy(enctmp, p, 8);
p += 8; p += 8;
if (keylen < 8)
{
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
return NULL;
}
inlen = keylen - 8; inlen = keylen - 8;
q = enctmp + 8; q = enctmp + 8;
if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
......
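Review bot: The `if (keylen < 8)` test sits after `memcpy(enctmp, p, 8);` and `p += 8;`, so for a PVK file with a short key the 8-byte BLOBHEADER copy and the pointer advance have already run by the time the length is rejected; as placed, the check only stops `inlen = keylen - 8` from underflowing. Move the test above the memcpy so that nothing is read or advanced on the basis of an unvalidated keylen. The bare `return NULL;` also bypasses any cleanup for enctmp, whose allocation is outside this hunk; if it is heap-allocated, send the failure through the function's error path instead of returning directly. A one-line comment saying that 8 is the BLOBHEADER size would make the constant easier to audit.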