From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Sat, 20 Feb 2021 12:41:59 +0000 (+0300)
Subject: Avoid some buffer overflows
X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=9b492b334213ea6dfb76d746e93c4b69a4b36175;p=openssl-gost%2Fengine.git

Avoid some buffer overflows
---

diff --git a/gost_keyexpimp.c b/gost_keyexpimp.c
index b94531f..7c28a03 100644
--- a/gost_keyexpimp.c
+++ b/gost_keyexpimp.c
@@ -39,6 +39,11 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len,
         goto err;
     }
 
+    if (shared_len + mac_len > (unsigned int)(*out_len)) {
+        GOSTerr(GOST_F_GOST_KEXP15, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
     /* we expect IV of half length */
     memset(iv_full, 0, 16);
     memcpy(iv_full, iv, ivlen);
@@ -116,6 +121,16 @@ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen,
         goto err;
     }
 
+    if (expkeylen > sizeof(out)) {
+        GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ivlen > 16) {
+        GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
     /* we expect IV of half length */
     memset(iv_full, 0, 16);
     memcpy(iv_full, iv, ivlen);