Update to openssl 1.0.2j

Signed-off-by: Gary Lin <glin@suse.com>
author: Gary Lin <glin@suse.com> 2016-10-13 15:57:25 +0800
committer: Peter Jones <pjones@redhat.com> 2016-11-30 12:57:34 -0500
commit: b371a682fb67ff945a8095437b9b33cab549bb49 (patch)
tree: 55aa1f4552b1c96dbfd1b110e210cb7471ee06e4 /Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
parent: 43ad947f6e7d1e899d86fd8ca66a55ffbc3ed2b2 (diff)
download: efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.tar.gz
efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
index 61864468..1ce5a1e3 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
@@ -127,6 +127,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
 # define MS_KEYTYPE_KEYX         0x1
 # define MS_KEYTYPE_SIGN         0x2
 
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH          102400
+
 /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
 # define MS_PVKMAGIC             0xb0b5f11eL
 /* Salt length for PVK files */
@@ -272,6 +275,10 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
         return NULL;
 
     length = blob_length(bitlen, isdss, ispub);
+    if (length > BLOB_MAX_LENGTH) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG);
+        return NULL;
+    }
     buf = OPENSSL_malloc(length);
     if (!buf) {
         PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
author	Gary Lin <glin@suse.com>	2016-10-13 15:57:25 +0800
committer	Peter Jones <pjones@redhat.com>	2016-11-30 12:57:34 -0500
commit	b371a682fb67ff945a8095437b9b33cab549bb49 (patch)
tree	55aa1f4552b1c96dbfd1b110e210cb7471ee06e4 /Cryptlib/OpenSSL/crypto/pem/pvkfmt.c
parent	43ad947f6e7d1e899d86fd8ca66a55ffbc3ed2b2 (diff)
download	efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.tar.gz efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.zip