authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-01-04 14:56:50 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-01-09 07:36:34 +0100
commit7dec871f82e205107a81281e3286f0aa9caa93b3 (patch)
tree03c61fb0b8579b6d7f3f41537fe09c172ed01464
parent6231a4a087f9fdbd5f5f274e80c7a71e3e45b9c8 (diff)
opencdk: cdk_pk_get_keyid: fix stack overflow
Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/opencdk/pubkey.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 6e753bd256..da43129f9a 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
{
u32 lowbits = 0;
byte buf[24];
+ int rc;
if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
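Review bot: The new `int rc;` is declared at function scope although it is only assigned and read inside the `if (pk->version < 4 && is_RSA(pk->pubkey_algo))` block, where the variable it travels with (`size_t n;` in the following hunk) is declared; placing `int rc;` beside `size_t n;` in that block keeps the status code's lifetime tied to the only branch that sets it and avoids a function-scope variable that is otherwise never initialized. A related point on the following hunk, which runs past the end of this view: its new early-return path writes `keyid[0] = keyid[1] = (u32)-1;` with no NULL check, so if callers are allowed to pass `keyid` as NULL (the function also returns the value, which suggests that usage exists), that path would need an `if (keyid)` guard before the stores. The enclosing function ends outside this hunk.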
@@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
size_t n;
n = MAX_MPI_BYTES;
- _gnutls_mpi_print(pk->mpi[0], p, &n);
+ rc = _gnutls_mpi_print(pk->mpi[0], p, &n);
+ if (rc < 0 || n < 8) {
+ keyid[0] = keyid[1] = (u32)-1;
+ return (u32)-1;
+ }
+
pk->keyid[0] =
p[n - 8] << 24 | p[n - 7] << 16 | p[n -
6] << 8 |