mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix a buffer overflow in drbg_ctr_generate

Browse Source 
This can happen if the 32-bit counter overflows
and the last block is not a multiple of 16 bytes.

Fixes #12012

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12016)
This commit is contained in:
Bernd Edlinger 2020-06-02 11:52:24 +02:00
parent 2b584ff372
commit 42fa3e6669
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/rand/drbg_ctr.c
View File

@ -366,9 +366,11 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg,
ctr32 = GETU32(ctr->V + 12) + blocks;
if (ctr32 < blocks) {
/* 32-bit counter overflow into V. */
blocks -= ctr32;
buflen = blocks * 16;
ctr32 = 0;
if (ctr32 != 0) {
blocks -= ctr32;
buflen = blocks * 16;
ctr32 = 0;
}
ctr96_inc(ctr->V);
}
PUTU32(ctr->V + 12, ctr32);