uadk_engine/0076-uadk_engine-uadk_rsa-fix-to-free-from_buffer.patch

From 97ae256181ad35d7d637bd85b969222969f74495 Mon Sep 17 00:00:00 2001
From: Hao Fang <fanghao11@huawei.com>
Date: Sat, 25 Nov 2023 16:13:27 +0800
Subject: [PATCH 76/82] uadk_engine: uadk_rsa: fix to free from_buffer

If flen > num_bytes, need to free from_buffer.
The reasonable operation is put the size check before the memory malloc.

Signed-off-by: Hao Fang <fanghao11@huawei.com>
---
 src/uadk_rsa.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1289fd3..c9e2b34 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1358,7 +1358,7 @@ static void rsa_free_pub_bn_ctx(unsigned char **from_buf)
 }
 
 static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri,
-				 unsigned char **from_buf, int *num_bytes)
+				 unsigned char **from_buf, int *num_bytes, int flen)
 {
 	RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d);
 	if (!(pri->n) || !(pri->e) || !(pri->d))
@@ -1376,6 +1376,9 @@ static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri,
 	if (!(*num_bytes))
 		return UADK_E_FAIL;
 
+	if (flen > *num_bytes)
+		return UADK_E_FAIL;
+
 	*from_buf = OPENSSL_malloc(*num_bytes);
 	if (!(*from_buf))
 		return -ENOMEM;
@@ -1578,8 +1581,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
 		goto free_pkey;
 	}
 
-	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
-	if (ret <= 0 || flen > num_bytes) {
+	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen);
+	if (ret <= 0) {
 		ret = UADK_DO_SOFT;
 		goto free_sess;
 	}
@@ -1665,8 +1668,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
 		goto free_pkey;
 	}
 
-	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
-	if (ret <= 0 || flen > num_bytes) {
+	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen);
+	if (ret <= 0) {
 		ret = UADK_DO_SOFT;
 		goto free_sess;
 	}
-- 
2.25.1