Hans Leidekker : bcrypt: Make DH blob size validation more strict in key_import_pair(). - wine-commits

18 Jan 2024

Module: wine
Branch: master
Commit: 3ef933c08f44e8097f9abefede17f9171431a1c2
URL:    https://gitlab.winehq.org/wine/wine/-/commit/3ef933c08f44e8097f9abefede17f91...
Author: Hans Leidekker hans@codeweavers.com
Date:   Thu Dec  7 12:30:08 2023 +0100
bcrypt: Make DH blob size validation more strict in key_import_pair().
---
dlls/bcrypt/bcrypt_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 131fc2c2453..0f2d94a418f 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1929,7 +1929,7 @@ static NTSTATUS key_import_pair( struct algorithm *alg, const WCHAR *type, BCRYP
     {
         BCRYPT_DH_KEY_BLOB *dh_blob = (BCRYPT_DH_KEY_BLOB *)input;
-        if (input_len < sizeof(*dh_blob)) return STATUS_INVALID_PARAMETER;
+        if (input_len != sizeof(*dh_blob) + dh_blob->cbKey * 4) return STATUS_INVALID_PARAMETER;
         if (alg->id != ALG_ID_DH || dh_blob->dwMagic != BCRYPT_DH_PRIVATE_MAGIC)
             return STATUS_NOT_SUPPORTED;
@@ -1948,7 +1948,7 @@ static NTSTATUS key_import_pair( struct algorithm *alg, const WCHAR *type, BCRYP
     {
         BCRYPT_DH_KEY_BLOB *dh_blob = (BCRYPT_DH_KEY_BLOB *)input;
-        if (input_len < sizeof(*dh_blob)) return STATUS_INVALID_PARAMETER;
+        if (input_len != sizeof(*dh_blob) + dh_blob->cbKey * 3) return STATUS_INVALID_PARAMETER;
         if (alg->id != ALG_ID_DH || dh_blob->dwMagic != BCRYPT_DH_PUBLIC_MAGIC)
             return STATUS_NOT_SUPPORTED;

    