openEuler-24.03-LTS-update-before-20241025

分支 (30)

标签 (37)

管理

管理

master

openEuler-24.03-LTS

openEuler-24.03-LTS-SP1

openEuler-24.03-LTS-Next

openEuler-20.03-LTS-SP4

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP4

openEuler-25.03

openEuler-22.03-LTS-SP1

sync-pr258-master-to-openEuler-24.09

sync-pr257-openEuler-22.03-LTS-SP3-to-openEuler-22.03-LTS-SP1

sync-pr257-openEuler-22.03-LTS-SP3-to-openEuler-22.03-LTS-SP4

openEuler-24.09

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS

openEuler-22.03-LTS-Next

openEuler-20.03-LTS-SP1

openEuler-24.03-LTS-Loongarch

openEuler-20.03-LTS-SP3

openEuler-23.09

openEuler-24.03-LTS-update-20250321

openEuler-24.03-LTS-SP1-update-20250321

openEuler-24.03-LTS-update-20250228

openEuler-24.03-LTS-SP1-update-20250228

openEuler-22.03-LTS-SP3-update-20250228

openEuler-22.03-LTS-SP4-update-20250228

openEuler-20.03-LTS-SP4-update-20250228

openEuler-24.03-LTS-SP1-release

openEuler-22.03-LTS-SP4-update-before-20241025

openEuler-22.03-LTS-SP4-before-20241025

openEuler-24.03-LTS-update-before-20241025

openEuler-20.03-LTS-SP4-update-20241025

openEuler-22.03-LTS-SP1-update-20241025

openEuler-22.03-LTS-SP3-update-20241025

openEuler-22.03-LTS-SP4-update-20241025

openEuler-24.03-LTS-update-20241025

openEuler-24.03-LTS-update-20241018

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

edk2
/
0087-Fix-EC_GROUP_new_from_ecparamete...

From 0d71cee87b0bce7d3729ac4bbefbb42bda6cdb3c Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 19 Aug 2021 12:24:17 +0100
Subject: [PATCH 8/9] Fix EC_GROUP_new_from_ecparameters to check the base
 length

Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
---
 CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_asn1.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_asn1.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_asn1.c
index 336afc9..98a742d 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_asn1.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/ec/ec_asn1.c
@@ -747,7 +747,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
         ret->seed_len = params->curve->seed->length;
     }

-    if (!params->order || !params->base || !params->base->data) {
+    if (params->order == NULL
+            || params->base == NULL
+            || params->base->data == NULL
+            || params->base->length == 0) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
         goto err;
     }
--
2.33.0