Fixed possible integer overflow in crypto_rsa_common

Thanks @anticomputer for pointing this out
akallabeth 2020-06-15 08:57:21 +02:00 committed by Armin Novak
parent caff01877d
commit 02c5ec66e5


@ -105,11 +105,18 @@ static int crypto_rsa_common(const BYTE* input, int length, UINT32 key_length, c
BIGNUM* exp = NULL;
BIGNUM* x = NULL;
BIGNUM* y = NULL;
size_t bufferSize = 2 * key_length + exponent_size;
size_t bufferSize;
if (!input || (length < 0) || (exponent_size < 0) || !modulus || !exponent || !output)
return -1;
if (exponent_size > SIZE_MAX / 2)
return -1;
if (key_length >= SIZE_MAX / 2 - exponent_size)
return -1;
bufferSize = 2ULL * key_length + exponent_size;
if (length > bufferSize)
bufferSize = length;