diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-03-08 14:52:38 -0500 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-09 12:04:21 +0100 |
commit | e73501f208625d48db2b111b571421d25a78838f (patch) | |
tree | 90e899ecbba2a0acc253cf2480748f3a31cb8825 | |
parent | f2abc2357e93cd10db3ad8a05bd230eea2778a33 (diff) | |
download | gnutls-e73501f208625d48db2b111b571421d25a78838f.tar.gz |
Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
-rw-r--r-- | lib/opencdk/keydb.c | 2 | ||||
-rw-r--r-- | tests/cert-tests/data/openpgp-invalid10.pub | bin | 0 -> 52 bytes | |||
-rwxr-xr-x | tests/cert-tests/openpgp-cert-parser | 2 |
3 files changed, 2 insertions, 2 deletions
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index 6fc0b9ec43..f78d35f68f 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -1400,7 +1400,7 @@ keydb_parse_allsigs(cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check) signature-> hashed, CDK_SIGSUBPKT_KEY_EXPIRE); - if (s) { + if (s && s->size == 4) { expiredate = _cdk_buftou32(s->d); pk->expiredate = diff --git a/tests/cert-tests/data/openpgp-invalid10.pub b/tests/cert-tests/data/openpgp-invalid10.pub Binary files differnew file mode 100644 index 0000000000..f1cd353eb4 --- /dev/null +++ b/tests/cert-tests/data/openpgp-invalid10.pub diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser index 4ac5a6f946..f17e160a0c 100755 --- a/tests/cert-tests/openpgp-cert-parser +++ b/tests/cert-tests/openpgp-cert-parser @@ -43,7 +43,7 @@ echo "Checking OpenPGP certificate parsing" for i in "truncated.pub" "attribute-leak-1.pub" "subpkt-leak.pub" "openpgp-invalid1.pub" \ "openpgp-invalid2.pub" "openpgp-invalid3.pub" "openpgp-invalid4.pub" "openpgp-invalid5.pub" \ "openpgp-invalid6.pub" "openpgp-invalid7.pub" "openpgp-invalid8.pub" \ - "openpgp-invalid9.pub";do + "openpgp-invalid9.pub" "openpgp-invalid10";do ${VALGRIND} "${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/${i}" rc=$? if test $rc != 1;then |