openssl/0128-SAST-findings.patch

25 lines
1.0 KiB
Diff
Raw Permalink Normal View History

diff -up openssl-3.2.2/crypto/rsa/rsa_oaep.c.xxx openssl-3.2.2/crypto/rsa/rsa_oaep.c
--- openssl-3.2.2/crypto/rsa/rsa_oaep.c.xxx 2024-08-14 14:22:48.733407808 +0200
+++ openssl-3.2.2/crypto/rsa/rsa_oaep.c 2024-08-14 14:23:32.994483135 +0200
@@ -233,7 +233,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(un
mdlen = EVP_MD_get_size(md);
- if (tlen <= 0 || flen <= 0)
+ if (tlen <= 0 || flen <= 0 || mdlen <= 0)
return -1;
/*
* |num| is the length of the modulus; |flen| is the length of the
diff -up openssl-3.2.2/crypto/x509/pcy_tree.c.xxx openssl-3.2.2/crypto/x509/pcy_tree.c
--- openssl-3.2.2/crypto/x509/pcy_tree.c.xxx 2024-08-14 14:14:13.144850097 +0200
+++ openssl-3.2.2/crypto/x509/pcy_tree.c 2024-08-14 14:14:53.213826481 +0200
@@ -110,6 +110,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
*ptree = NULL;
+ if (n < 0)
+ return X509_PCY_TREE_INTERNAL;
/* Can't do anything with just a trust anchor */
if (n == 0)
return X509_PCY_TREE_EMPTY;