Ported openssl format fix from openconnect

Patch by David Woodhouse
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-08-24 10:49:13 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-08-24 14:09:43 +0200
commit: dfbe6a74d8172fd69676987e2566b3f521101d3f (patch)
tree: 9d7436b5cb59ec4dd9dc3edafb750651f2719f38 /lib
parent: 1905ed7ca2987c49d0415667645ad3e3f894d5b5 (diff)
download: gnutls-dfbe6a74d8172fd69676987e2566b3f521101d3f.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index 3b143f8457..563ab99de6 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -291,8 +291,8 @@ gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
 			}
 			keylen += ofs;
 
-			/* If there appears to be more padding than required, fail */
-			if (key_data_size - keylen > blocksize) {
+			/* If there appears to be more or less padding than required, fail */
+			if (key_data_size - keylen > blocksize || key_data_size < keylen+1) {
 				gnutls_assert();
 				goto fail;
 			}
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-08-24 10:49:13 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-08-24 14:09:43 +0200
commit	dfbe6a74d8172fd69676987e2566b3f521101d3f (patch)
tree	9d7436b5cb59ec4dd9dc3edafb750651f2719f38 /lib
parent	1905ed7ca2987c49d0415667645ad3e3f894d5b5 (diff)
download	gnutls-dfbe6a74d8172fd69676987e2566b3f521101d3f.tar.gz