From 8be3b458d02c53b1bf3489b408910ac6ae84273d Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Sat, 20 Feb 2021 15:41:59 +0300
Subject: [PATCH] Avoid some buffer overflows

---
 gost_keyexpimp.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/gost_keyexpimp.c b/gost_keyexpimp.c
index b960200..e4af418 100644
--- a/gost_keyexpimp.c
+++ b/gost_keyexpimp.c
@@ -46,6 +46,11 @@ int gost_kexp15(const unsigned char *shared_key, const int shared_len,
         goto err;
     }
 
+    if (shared_len + mac_len > (unsigned int)(*out_len)) {
+        GOSTerr(GOST_F_GOST_KEXP15, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
     /* we expect IV of half length */
     memset(iv_full, 0, 16);
     memcpy(iv_full, iv, ivlen);
@@ -123,6 +128,16 @@ int gost_kimp15(const unsigned char *expkey, const size_t expkeylen,
         goto err;
     }
 
+    if (expkeylen > sizeof(out)) {
+        GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ivlen > 16) {
+        GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
     /* we expect IV of half length */
     memset(iv_full, 0, 16);
     memcpy(iv_full, iv, ivlen);
-- 
2.39.5