Skip to content
Commit df14e502 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Sanity check PVK file fields.



PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is an rarely used format and private key files do not
normally come from untrusted sources the security implications not
significant.

Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.

Issue reported by Guido Vranken.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(cherry picked from commit 5f57abe2)
parent dd851821
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment