From 71daae12271b4a668768aa7ff8ecfc529a0c0c0b Mon Sep 17 00:00:00 2001 From: John Preston Date: Thu, 7 Dec 2017 09:34:11 +0400 Subject: [PATCH] Fix crash in RSA public key wrapper. --- Telegram/SourceFiles/base/openssl_help.h | 3 +++ Telegram/SourceFiles/mtproto/rsa_public_key.cpp | 14 ++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/Telegram/SourceFiles/base/openssl_help.h b/Telegram/SourceFiles/base/openssl_help.h index b5678d5c7..847021f2d 100644 --- a/Telegram/SourceFiles/base/openssl_help.h +++ b/Telegram/SourceFiles/base/openssl_help.h @@ -180,6 +180,9 @@ public: const BIGNUM *raw() const { return _data; } + BIGNUM *takeRaw() { + return base::take(_data); + } bool failed() const { return _failed; diff --git a/Telegram/SourceFiles/mtproto/rsa_public_key.cpp b/Telegram/SourceFiles/mtproto/rsa_public_key.cpp index 5923b9405..d2d689ede 100644 --- a/Telegram/SourceFiles/mtproto/rsa_public_key.cpp +++ b/Telegram/SourceFiles/mtproto/rsa_public_key.cpp @@ -35,7 +35,7 @@ namespace { // This is a key setter for compatibility with OpenSSL 1.0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { if ((r->n == nullptr && n == nullptr) || (r->e == nullptr && e == nullptr)) { - return false; + return 0; } if (n != nullptr) { BN_free(r->n); @@ -49,7 +49,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { BN_free(r->d); r->d = d; } - return true; + return 1; } // This is a key getter for compatibility with OpenSSL 1.0 @@ -79,10 +79,12 @@ public: } Private(base::const_byte_span nBytes, base::const_byte_span eBytes) : _rsa(RSA_new()) { if (_rsa) { - BIGNUM *n = openssl::BigNum(nBytes).raw(); - BIGNUM *e = openssl::BigNum(eBytes).raw(); - RSA_set0_key(_rsa, n, e, nullptr); - if (!n || !e) { + auto n = openssl::BigNum(nBytes).takeRaw(); + auto e = openssl::BigNum(eBytes).takeRaw(); + auto valid = (n != nullptr) && (e != nullptr); + // We still pass both values to RSA_set0_key() so that even + // if only one of them is valid RSA would take ownership of it. + if (!RSA_set0_key(_rsa, n, e, nullptr) || !valid) { RSA_free(base::take(_rsa)); } else { computeFingerprint();