Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey (3e5df378) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 3e5df378 authored Aug 25, 2014 by

Emilia Kasper

Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey



The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)

parent 4e5f9f8a

Hide whitespace changes

Inline Side-by-side

Please register or to comment