diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-19 09:28:08 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-19 09:28:08 +0100 |
commit | d2d11cdcea17becbff00a34334136279d3cfe4fb (patch) | |
tree | 32034c6eb329bf1fea3bb3d2c24314c885563b0d /lib/x509/privkey_pkcs8.c | |
parent | 765681dd78410d7bac098cde3d3adfbffdb6d927 (diff) | |
download | gnutls-d2d11cdcea17becbff00a34334136279d3cfe4fb.tar.gz |
_decode_pkcs8_dsa_key: ensure that the P value is non-zero
When decoding a DSA private key, and constructing the public key
ensure that P is non-zero, and thus can be used as modulus.
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/x509/privkey_pkcs8.c')
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 4e1e2686e2..cc52be94a8 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -1011,6 +1011,12 @@ _decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey) goto error; } + if (_gnutls_mpi_cmp_ui(pkey->params.params[0], 0) == 0) { + gnutls_assert(); + ret = GNUTLS_E_ILLEGAL_PARAMETER; + goto error; + } + /* the public key can be generated as g^x mod p */ ret = _gnutls_mpi_init(&pkey->params.params[3]); if (ret < 0) { |