From 7d3caedb8df9d04eee9513cb5b3b417ae29927f5 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Sat, 30 Jan 2016 11:15:13 +0100
Subject: Revert "Fix out-of-bounds read in gnutls_x509_ext_export_key_usage"

This was not really an out-of-bounds check. Added documentation
to make that clear.

This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d.
---
 lib/x509/x509_ext.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index ce1ce9b30c..b68ac75edd 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -1116,7 +1116,9 @@ int gnutls_x509_ext_export_key_usage(unsigned int usage, gnutls_datum_t * ext)
 	str[0] = usage & 0xff;
 	str[1] = usage >> 8;
 
-	result = asn1_write_value(c2, "", str, 2);
+	/* Since KeyUsage is a BIT STRING, the input to asn1_write_value
+	 * is the number of bits to be read. */
+	result = asn1_write_value(c2, "", str, 9);
 	if (result != ASN1_SUCCESS) {
 		gnutls_assert();
 		asn1_delete_structure(&c2);
-- 
cgit v1.2.1