RootCauseunvalidated
the sm2_plaintext_size() function in crypto/sm2/sm2_crypt.c computes the required output buffer size using a FIXED overhead formula — ASN.1 INTEGER encoding of the EC point coordinates (C1x and C1y BIGNUMs). Tension: This is WRONG because the ASN.1 INTEGER encoding of the EC point coordinates (C1x and C1y BIGNUMs) can be SHORTER than field_size bytes. Outcome: An attacker who crafts a malicious ciphertext with intentionally small C1x/C1y INTEGER values (few bytes) but a very large C2 (payload) field will cause sm2_plaintext_size to return a buffer size smaller than the actual decoded C2->length.
49f11317-91b4-40bd-a196-cb35c31ae7e2
the sm2_plaintext_size() function in crypto/sm2/sm2_crypt.c computes the required output buffer size using a FIXED overhead formula — ASN.1 INTEGER encoding of the EC point coordinates (C1x and C1y BIGNUMs). Tension: This is WRONG because the ASN.1 INTEGER encoding of the EC point coordinates (C1x and C1y BIGNUMs) can be SHORTER than field_size bytes. Outcome: An attacker who crafts a malicious ciphertext with intentionally small C1x/C1y INTEGER values (few bytes) but a very large C2 (payload) field will cause sm2_plaintext_size to return a buffer size smaller than the actual decoded C2->length.