Fix memory leak on invalid ecPublicKey parameters.
One of the codepaths didn't free the group. Found by libFuzzer. BUG=chromium:603893 Change-Id: Icb81f2f89a8c1a52e29069321498986b193a0e56 Reviewed-on: https://boringssl-review.googlesource.com/7685 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
4365c3f522
commit
919610b4c4
@ -54,6 +54,11 @@ PublicKey = P-256-SPKI
|
|||||||
Input = 3082014b3082010306072a8648ce3d02013081f7020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff305b0420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b031500c49d360886e704936a6678e1139d26b7819f7e900441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200042c150f429ce70f216c252cf5e062ce1f639cd5d165c7f89424072c27197d78b33b920e95cdb664e990dcf0cfea0d94e2a8e6af9d0e58056e653104925b9fe6c9
|
Input = 3082014b3082010306072a8648ce3d02013081f7020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff305b0420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b031500c49d360886e704936a6678e1139d26b7819f7e900441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200042c150f429ce70f216c252cf5e062ce1f639cd5d165c7f89424072c27197d78b33b920e95cdb664e990dcf0cfea0d94e2a8e6af9d0e58056e653104925b9fe6c9
|
||||||
Error = DECODE_ERROR
|
Error = DECODE_ERROR
|
||||||
|
|
||||||
|
# The same as above, but with trailing data after the curve name.
|
||||||
|
PublicKey = P-256-SPKI
|
||||||
|
Input = 305b301506072a8648ce3d020106082a8648ce3d0301070500034200042c150f429ce70f216c252cf5e062ce1f639cd5d165c7f89424072c27197d78b33b920e95cdb664e990dcf0cfea0d94e2a8e6af9d0e58056e653104925b9fe6c9
|
||||||
|
Error = DECODE_ERROR
|
||||||
|
|
||||||
# A DSA private key.
|
# A DSA private key.
|
||||||
PrivateKey = DSA-1024
|
PrivateKey = DSA-1024
|
||||||
Type = DSA
|
Type = DSA
|
||||||
|
@ -93,14 +93,15 @@ static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
|
|||||||
/* See RFC 5480, section 2. */
|
/* See RFC 5480, section 2. */
|
||||||
|
|
||||||
/* The parameters are a named curve. */
|
/* The parameters are a named curve. */
|
||||||
|
EC_POINT *point = NULL;
|
||||||
|
EC_KEY *eckey = NULL;
|
||||||
EC_GROUP *group = EC_KEY_parse_curve_name(params);
|
EC_GROUP *group = EC_KEY_parse_curve_name(params);
|
||||||
if (group == NULL || CBS_len(params) != 0) {
|
if (group == NULL || CBS_len(params) != 0) {
|
||||||
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
||||||
return 0;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
EC_POINT *point = NULL;
|
eckey = EC_KEY_new();
|
||||||
EC_KEY *eckey = EC_KEY_new();
|
|
||||||
if (eckey == NULL || !EC_KEY_set_group(eckey, group)) {
|
if (eckey == NULL || !EC_KEY_set_group(eckey, group)) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user