From 67dbe1ef4493b1847d1f68411ed80525322af021 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Jul 2014 13:09:24 +0200 Subject: [PATCH] Better length checking in ecp_point_read_binary() --- library/ecp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ecp.c b/library/ecp.c index f9fb34b06..e002e3b5f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -492,6 +492,9 @@ int ecp_point_read_binary( const ecp_group *grp, ecp_point *pt, int ret; size_t plen; + if ( ilen < 1 ) + return( POLARSSL_ERR_ECP_BAD_INPUT_DATA ); + if( buf[0] == 0x00 ) { if( ilen == 1 ) @@ -529,7 +532,7 @@ int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt, const unsigned char *buf_start; /* - * We must have at least two bytes (1 for length, at least of for data) + * We must have at least two bytes (1 for length, at least one for data) */ if( buf_len < 2 ) return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );