Revamp get_bn_from_mpint()

* Add bounds checking.
* Add error checking for OpenSSL calls.
* Only set argument *bnp on success.

1 files changed, 21 insertions, 8 deletions

diff --git a/lib/crypto/c_src/bn.c b/lib/crypto/c_src/bn.c
index b576c46e1e..a8112350dc 100644
--- a/lib/crypto/c_src/bn.c
+++ b/lib/crypto/c_src/bn.c
@@ -23,18 +23,31 @@
 
 int get_bn_from_mpint(ErlNifEnv* env, ERL_NIF_TERM term, BIGNUM** bnp)
 {
+    BIGNUM *ret;
     ErlNifBinary bin;
     int sz;
-    if (!enif_inspect_binary(env,term,&bin)) {
-	return 0;
-    }
+
+    if (!enif_inspect_binary(env, term, &bin))
+        goto err;
+    if (bin.size > INT_MAX - 4)
+        goto err;
+
     ERL_VALGRIND_ASSERT_MEM_DEFINED(bin.data, bin.size);
-    sz = bin.size - 4;
-    if (sz < 0 || get_int32(bin.data) != sz) {
-	return 0;
-    }
-    *bnp = BN_bin2bn(bin.data+4, sz, NULL);
+
+    if (bin.size < 4)
+        goto err;
+    sz = (int)bin.size - 4;
+    if (get_int32(bin.data) != sz)
+        goto err;
+
+    if ((ret = BN_bin2bn(bin.data+4, sz, NULL)) == NULL)
+        goto err;
+
+    *bnp = ret;
     return 1;
+
+ err:
+    return 0;
 }
 
 int get_bn_from_bin(ErlNifEnv* env, ERL_NIF_TERM term, BIGNUM** bnp)