author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 14:56:50 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-01-09 07:36:34 +0100 |
commit | 7dec871f82e205107a81281e3286f0aa9caa93b3 (patch) | |
tree | 03c61fb0b8579b6d7f3f41537fe09c172ed01464 /lib | |
parent | 6231a4a087f9fdbd5f5f274e80c7a71e3e45b9c8 (diff) | |
opencdk: cdk_pk_get_keyid: fix stack overflow
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/opencdk/pubkey.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 6e753bd256..da43129f9a 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
 {
 u32 lowbits = 0;
 byte buf[24];
+ int rc;
 
 if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
 if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
@@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
 size_t n;
 
 n = MAX_MPI_BYTES;
- _gnutls_mpi_print(pk->mpi[0], p, &n);
+ rc = _gnutls_mpi_print(pk->mpi[0], p, &n);
+ if (rc < 0 || n < 8) {
+ keyid[0] = keyid[1] = (u32)-1;
+ return (u32)-1;
+ }
+
 pk->keyid[0] = p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | |
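Review bot: The new `int rc;` in the first hunk is declared at function scope, but its only use visible here is inside the `pk->version < 4 && is_RSA(...)` branch of the second hunk, which already declares `size_t n;` at block scope; declaring it there (`size_t n;` followed by `int rc;`) keeps the status variable in the one scope that reads it and leaves the hash path without an uninitialized function-scope variable. Both hunks belong to cdk_pk_get_keyid, whose body continues past the end of the second hunk and beyond this view, so the tail that presumably copies pk->keyid into the caller's `keyid` is not visible. If that tail permits callers to pass `keyid == NULL` (which cannot be confirmed from this view), the error path added in the second hunk writes `keyid[0] = keyid[1] = (u32)-1;` unconditionally and would need an `if (keyid)` guard to avoid trading the out-of-bounds read for a NULL dereference on malformed input.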