author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-07-08 19:33:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-07-08 19:37:20 +0200 |
commit | ed93d5f01d7c118c9f6ded65495b9787a9c80fee (patch) | |
tree | 15dcdaa59450d71976c6c4b1c6dd69d44a1a500b | |
parent | b50f6c63189043ab2cce2fba641c1512fe61da7b (diff) | |
download | gnutls-ed93d5f01d7c118c9f6ded65495b9787a9c80fee.tar.gz |
encode_ber_digest_info: added sanity check
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195 | bin | 0 -> 1394 bytes | |||
-rw-r--r-- | lib/pk.c | 4 |
2 files changed, 4 insertions, 0 deletions
diff --git a/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195 b/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195 Binary files differnew file mode 100644 index 0000000000..86b66c022c --- /dev/null +++ b/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195 @@ -598,6 +598,10 @@ encode_ber_digest_info(const mac_entry_st * e, uint8_t *tmp_output; int tmp_output_size; + /* prevent asn1_write_value() treating input as string */ + if (digest->size == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + algo = _gnutls_x509_mac_to_oid(e); if (algo == NULL) { gnutls_assert(); |
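Review bot: The guard added at the top of encode_ber_digest_info() rejects only digest->size == 0, and its comment does not say why a zero length is a problem. Consider expanding the comment to state that a length of 0 makes asn1_write_value() interpret the value as a NUL-terminated string instead of as digest->size bytes, so a later reader understands the check protects the read of digest->data and is not just cosmetic input validation. Since e is already in scope at this point, it may also be worth rejecting any digest->size that does not match the output length of the algorithm described by e, unless every caller already guarantees that; nothing in the visible lines does. Keeping the oss-fuzz reproducer under fuzz/gnutls_x509_verify_fuzzer.repro/ alongside the fix is a good way to keep this case covered as a regression test.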