From 3a0837ffd520855b3a68b79d9382986b1a80211d Mon Sep 17 00:00:00 2001
From: toddouska
Date: Mon, 8 Sep 2014 12:14:58 -0700
Subject: [PATCH] sanity size checks on ecc private key import
---
 ctaocrypt/src/asn.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index ad3f35026..eb5b18d60 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -6459,6 +6459,9 @@ int EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
 if (GetLength(input, inOutIdx, &length, inSz) < 0)
 return ASN_PARSE_E;
+ if (length > ECC_MAXSIZE)
+ return BUFFER_E;
+
 #ifdef CYASSL_SMALL_STACK
 priv = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (priv == NULL)
@@ -6537,11 +6540,13 @@ int EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
 else {
 /* pub key */
 pubSz = length - 1; /* null prefix */
- XMEMCPY(pub, &input[*inOutIdx], pubSz);
-
- *inOutIdx += length;
-
- ret = ecc_import_private_key(priv, privSz, pub, pubSz, key);
+ if (pubSz < (ECC_MAXSIZE*2 + 1)) {
+ XMEMCPY(pub, &input[*inOutIdx], pubSz);
+ *inOutIdx += length;
+ ret = ecc_import_private_key(priv, privSz, pub, pubSz,
+ key);
+ } else
+ ret = BUFFER_E;
 }
 }
 }
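Review bot: The added `if (length > ECC_MAXSIZE)` uses the same constant as the `XMALLOC(ECC_MAXSIZE, ...)` for `priv` just below it, but nothing in the code says the two are linked, so a later change to the buffer size could leave the check stale. I would put a comment above the check, for example `/* priv holds ECC_MAXSIZE bytes; reject longer keys before allocating so no cleanup is needed */`. The copy into `priv` and the declaration of `length` are outside the hunk, so it cannot be confirmed from here whether a zero or negative `length` can still reach that copy after GetLength succeeds; if `length` is signed, that case deserves its own check.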
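Review bot: The new guard `if (pubSz < (ECC_MAXSIZE*2 + 1))` has no lower bound, and `pubSz = length - 1` on the context line above it yields -1 when the encoded length is 0. If `pubSz` is a signed type (its declaration is outside the hunk), -1 passes the comparison and is then converted to a very large size in XMEMCPY; if it is unsigned, the wrapped value is caught by the upper bound. Writing the condition as `if (pubSz > 0 && pubSz < (ECC_MAXSIZE*2 + 1)) {` rejects that input in both cases. The bound presumably mirrors the size of `pub`, which is also declared outside the hunk, so a short comment stating that relationship would help, as would braces on the `else` branch to match the `if`.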