Make sure buffers are large enough even for weird parameters

Submitted by: Nils Larsch
2024-11-21 01:15:20 +08:00 · 2002-06-26 14:28:41 +00:00 · 2002-06-26 14:28:41 +00:00 · 9ae08a9c04
commit 9ae08a9c04
parent 76f8a1f51d
1 changed files with 64 additions and 24 deletions
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@ -100,10 +100,34 @@ int RSA_print(BIO *bp, const RSA *x, int off)
 	char str[128];
 	const char *s;
 	unsigned char *m=NULL;
-	int i,ret=0;
+	int ret=0;
+	size_t buf_len=0, i;

-	i=RSA_size(x);
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->n)
+		buf_len = (size_t)BN_num_bytes(x->n);
+	if (x->e)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+			buf_len = i;
+	if (x->d)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+			buf_len = i;
+	if (x->p)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+			buf_len = i;
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->dmp1)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+			buf_len = i;
+	if (x->dmq1)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+			buf_len = i;
+	if (x->iqmp)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+			buf_len = i;
+
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
@ -165,22 +189,25 @@ int DSA_print(BIO *bp, const DSA *x, int off)
 	{
 	char str[128];
 	unsigned char *m=NULL;
-	int i,ret=0;
-	BIGNUM *bn=NULL;
+	int ret=0;
+	size_t buf_len=0,i;

-	if (x->p != NULL)
-		bn=x->p;
-	else if (x->priv_key != NULL)
-		bn=x->priv_key;
-	else if (x->pub_key != NULL)
-		bn=x->pub_key;
-		
-	/* larger than needed but what the hell :-) */
-	if (bn != NULL)
-		i=BN_num_bytes(bn)*2;
-	else
-		i=256;
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	if (x->priv_key)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+			buf_len = i;
+	if (x->pub_key)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+			buf_len = i;
+
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
@ -572,10 +599,15 @@ int DHparams_print_fp(FILE *fp, const DH *x)
 int DHparams_print(BIO *bp, const DH *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
+	size_t buf_len=0, i;

-	i=BN_num_bytes(x->p);
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@ -625,10 +657,18 @@ int DSAparams_print_fp(FILE *fp, const DSA *x)
 int DSAparams_print(BIO *bp, const DSA *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
+	size_t buf_len=0,i;

-	i=BN_num_bytes(x->p);
-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;