_decode_pkcs8_dsa_key: ensure that the P value is non-zero

When decoding a DSA private key, and constructing the public key ensure that P is non-zero, and thus can be used as modulus. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-01-19 09:28:08 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-01-19 09:28:08 +0100
commit: d2d11cdcea17becbff00a34334136279d3cfe4fb (patch)
tree: 32034c6eb329bf1fea3bb3d2c24314c885563b0d
parent: 765681dd78410d7bac098cde3d3adfbffdb6d927 (diff)
download: gnutls-d2d11cdcea17becbff00a34334136279d3cfe4fb.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 4e1e2686e2..cc52be94a8 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1011,6 +1011,12 @@ _decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
 		goto error;
 	}
 
+	if (_gnutls_mpi_cmp_ui(pkey->params.params[0], 0) == 0) {
+		gnutls_assert();
+		ret = GNUTLS_E_ILLEGAL_PARAMETER;
+		goto error;
+	}
+
 	/* the public key can be generated as g^x mod p */
 	ret = _gnutls_mpi_init(&pkey->params.params[3]);
 	if (ret < 0) {
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-01-19 09:28:08 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-01-19 09:28:08 +0100
commit	d2d11cdcea17becbff00a34334136279d3cfe4fb (patch)
tree	32034c6eb329bf1fea3bb3d2c24314c885563b0d
parent	765681dd78410d7bac098cde3d3adfbffdb6d927 (diff)
download	gnutls-d2d11cdcea17becbff00a34334136279d3cfe4fb.tar.gz