File CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch of Package openssl-1_1.32466
Index: openssl-1.1.1d/crypto/sm2/sm2_crypt.c
===================================================================
--- openssl-1.1.1d.orig/crypto/sm2/sm2_crypt.c
+++ openssl-1.1.1d/crypto/sm2/sm2_crypt.c
@@ -294,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key,
C2 = sm2_ctext->C2->data;
C3 = sm2_ctext->C3->data;
msg_len = sm2_ctext->C2->length;
+ if (*ptext_len < (size_t)msg_len) {
+ SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
+ goto done;
+ }
ctx = BN_CTX_new();
if (ctx == NULL) {
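Review bot: The added check ahead of `ctx = BN_CTX_new()` relies on a contract that the hunk never states: `*ptext_len` must hold the capacity of the caller's plaintext buffer on entry, while `msg_len` is read from the decoded ciphertext (`sm2_ctext->C2->length`) and is therefore chosen by whoever produced that ciphertext. A comment above the `if` would keep later edits from weakening the check, for example `/* msg_len is taken from the ciphertext; *ptext_len is the caller's buffer capacity on entry */`. If `msg_len` is a signed type, the `(size_t)` cast also makes a negative length fail the comparison, which looks intended and is worth saying in the same comment. The `goto done` is taken before anything below it is allocated, so the cleanup at `done` has to tolerate that state. The label and the rest of sm2_decrypt are outside the hunk, so confirm this there.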