diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-12-14 10:37:55 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-12-14 11:05:11 +0100 |
commit | 9a6979a40b2d67eb648ceb447629679887e8c2bc (patch) | |
tree | dcbc7c02ab600b8bbffaa7a128236db8b9cffbf3 | |
parent | c0e82ce8ca27e86deba1e68d396572e67f56a2c8 (diff) | |
download | gnutls-9a6979a40b2d67eb648ceb447629679887e8c2bc.tar.gz |
PKCS#5,7 decryption: enforce limits in the support parameter sizes
This allows to detect invalid parameters early rather than later.
Relates #148
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 38 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 4 |
2 files changed, 30 insertions, 12 deletions
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 4b645b4856..5834afb938 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -1371,6 +1371,11 @@ read_pbkdf2_params(ASN1_TYPE pbes2_asn, } _gnutls_hard_log("salt.specified.size: %d\n", params->salt_size); + if (params->salt_size < 0) { + result = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + goto error; + } + /* read the iteration count */ result = @@ -1380,6 +1385,12 @@ read_pbkdf2_params(ASN1_TYPE pbes2_asn, gnutls_assert(); goto error; } + + if (params->iter_count >= INT_MAX || params->iter_count == 0) { + result = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + goto error; + } + _gnutls_hard_log("iterationCount: %d\n", params->iter_count); /* read the keylength, if it is set. @@ -1390,6 +1401,12 @@ read_pbkdf2_params(ASN1_TYPE pbes2_asn, if (result < 0) { params->key_size = 0; } + + if (params->key_size > MAX_CIPHER_KEY_SIZE) { + result = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + goto error; + } + _gnutls_hard_log("keyLength: %d\n", params->key_size); len = sizeof(oid); @@ -1434,9 +1451,12 @@ read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn, struct pbkdf2_params *params) ¶ms->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert(); - result = _gnutls_asn2err(result); - goto error; + return _gnutls_asn2err(result); } + + if (params->salt_size < 0) + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + _gnutls_hard_log("salt.size: %d\n", params->salt_size); /* read the iteration count @@ -1444,19 +1464,17 @@ read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn, struct pbkdf2_params *params) result = _gnutls_x509_read_uint(pbes2_asn, "iterations", ¶ms->iter_count); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - goto error; - } + if (result < 0) + return gnutls_assert_val(result); + _gnutls_hard_log("iterationCount: %d\n", params->iter_count); + if (params->iter_count >= INT_MAX || params->iter_count == 0) + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + params->key_size = 0; return 0; - - error: - return result; - } /* Writes the PBE parameters for PKCS-12 schemas. diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index 89c394cddf..803f3919ef 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -88,8 +88,8 @@ typedef struct gnutls_pkcs7_int { struct pbkdf2_params { uint8_t salt[32]; int salt_size; - unsigned int iter_count; - unsigned int key_size; + unsigned iter_count; + unsigned key_size; gnutls_mac_algorithm_t mac; }; |