From 41e7cade5889d238ca695806451db227b9792cd9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Dec 2016 00:53:22 -0500 Subject: Avoid crash in PKCS1v1.5 unpadding if input len <= 2 Don't think this can't happen outside of a fuzzer test --- src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp index 9bab8eb95..b14808da0 100644 --- a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp +++ b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp @@ -48,6 +48,12 @@ secure_vector EME_PKCS1v15::pad(const byte in[], size_t inlen, secure_vector EME_PKCS1v15::unpad(byte& valid_mask, const byte in[], size_t inlen) const { + if(inlen < 2) + { + valid_mask = false; + return secure_vector(); + } + CT::poison(in, inlen); byte bad_input_m = 0; -- cgit v1.2.3