{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752911984, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"8ef75eb73906eb919dde2c2b75e05cfa", "commit": {"type":"commit", "time": 1535514434, "time_ofs": 600, "oid_tree": { "oid": "8a841594478f976170e6439857ce4f4ee1085dde", "alias": []}, "oid":{ "oid": "307a494e5b01ff9f334a8242d31b8254c7c54baa", "alias": []}, "msg": "fix out-of-bounds write in sm2_crypt.c", "sig_commit": { "git_time": { "time": 1535514434, "offset": 600 }, "name": "Pauli", "email": "paul.dale@oracle.com", "md5": "4616f8cb80bd6ce4dab75d05e07cd125" }, "sig_author": { "git_time": { "time": 1534908131, "offset": 480 }, "name": "ymlbright", "email": "yml_bright@163.com", "md5": "370bccc4c3a51a8e358f3deaf47a32aa" }}, "body": "fix out-of-bounds write in sm2_crypt.c\n\nasn1_encode has two form length octets: short form(1 byte), long form(1+n byte).\n\nCLA: Trivial\n\nReviewed-by: Nicola Tuveri \u003cnic.tuv@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpaul.dale@oracle.com\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/7027)\n" , "diff": "diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c\nindex 9e78873..9c69a45 100644\n--- a/crypto/sm2/sm2_crypt.c\n+++ b/crypto/sm2/sm2_crypt.c\n@@ -91,11 +91,18 @@ int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,\n {\n const size_t field_size \u003d ec_field_size(EC_KEY_get0_group(key));\n const int md_size \u003d EVP_MD_size(digest);\n+ size_t sz;\n \n if (field_size \u003d\u003d 0 || md_size \u003c 0)\n return 0;\n \n- *ct_size \u003d 12 + 2 * field_size + (size_t)md_size + msg_len;\n+ /* Integer and string are simple type; set constructed \u003d 0, means primitive and definite length encoding. 
*/\n+ sz \u003d 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)\n+ + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)\n+ + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);\n+ /* Sequence is structured type; set constructed \u003d 1, means constructed and definite length encoding. */\n+ *ct_size \u003d ASN1_object_size(1, sz, V_ASN1_SEQUENCE);\n+\n return 1;\n }\n \n","s":{"c":1752838184,"u": 52341}} ],"g": 1238,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "7d0a"}
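Review bot: In sm2_ciphertext_size, the new sum passes size_t values (field_size + 1 and msg_len) as the length argument of ASN1_object_size, which takes an int length and returns an int, and adds the three results straight into the size_t sz without checking any of them. A msg_len above INT_MAX would be narrowed on the way in, and if a call reports failure with a negative value, that value is converted to a very large size_t, so *ct_size could again disagree with what the encoder actually writes, which is the class of bug this commit is fixing. Suggest rejecting an out-of-range msg_len next to the existing "field_size == 0 || md_size < 0" test and returning 0 when any ASN1_object_size result is not positive. The comment should also say why the INTEGER length is field_size + 1 (presumably the worst-case leading zero octet), since that is the part of the estimate a later reader is most likely to question.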