author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 14:56:50 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 15:24:57 +0100 |
commit | 5140422e0d7319a8e2fe07f02cbcafc4d6538732 (patch) | |
tree | 3e9d296a23b1326891bb8bbe2480d69d5843062b | |
parent | 611098e2f01fd8c3a5a625d61f26c56fcb3d770c (diff) | |
download | gnutls-5140422e0d7319a8e2fe07f02cbcafc4d6538732.tar.gz |
opencdk: cdk_pk_get_keyid: fix stack overflow
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/opencdk/pubkey.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 72e7d77b7e..1c73433fd6 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
 {
 	u32 lowbits = 0;
 	byte buf[24];
+	int rc;
 
 	if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
 		if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
@@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
 			size_t n;
 
 			n = MAX_MPI_BYTES;
-			_gnutls_mpi_print(pk->mpi[0], p, &n);
+			rc = _gnutls_mpi_print(pk->mpi[0], p, &n);
+			if (rc < 0 || n < 8) {
+				keyid[0] = keyid[1] = (u32)-1;
+				return (u32)-1;
+			}
+
 			pk->keyid[0] = p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 |
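Review bot: The new `int rc;` is declared at function scope, right after `byte buf[24];`, although as far as this hunk shows it only receives a value inside the inner `if (pk->version < 4 && is_RSA(pk->pubkey_algo))` block; declaring it there next to `size_t n;`, or at the call itself as `int rc = _gnutls_mpi_print(pk->mpi[0], p, &n);`, would keep it in the smallest scope and avoid an uninitialized variable on every other path through the function. Nothing visible here reads `rc` outside that block, so this is a style point rather than a defect. The body of cdk_pk_get_keyid continues past the end of this hunk.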