src/jdk.crypto.ec/share/native/libsunec/impl/ecdecode.c

rev 16201 : 8170525: Fix minor issues in AWT/ECC/PKCS11 coding
Reviewed-by: vinnie, clanger, prr, ssadetsky

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * Use is subject to license terms.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either

@@ -32,11 +32,11 @@
  *
  * Contributor(s):
  *   Dr Vipul Gupta <vipul.gupta@sun.com> and
  *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
  *
- * Last Modified Date from the Original Code: March 2012
+ * Last Modified Date from the Original Code: Nov 2016
  *********************************************************************** */
 
 #include <sys/types.h>
 
 #ifndef _WIN32

@@ -117,10 +117,13 @@
     if (((int)name < ECCurve_noName) || (name > ECCurve_pastLastCurve))
         goto cleanup;
     params->name = name;
     curveParams = ecCurve_map[params->name];
     CHECK_OK(curveParams);
+    if ((strlen(curveParams->genx) + strlen(curveParams->geny)) > 2 * 2 * MAX_ECKEY_LEN) {
+        goto cleanup;
+    }
     params->fieldID.size = curveParams->size;
     params->fieldID.type = field_type;
     if (field_type == ec_field_GFp) {
         CHECK_OK(hexString2SECItem(NULL, &params->fieldID.u.prime,
             curveParams->irr, kmflag));