Prevent the usage of strlen() on null values.

1 files changed, 10 insertions, 2 deletions

diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 3af1045ea6..2e3417fb34 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1593,6 +1593,10 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
   cipher_hd_st ch;
   int ch_init = 0;
   int key_size;
+  unsigned int pass_len = 0;
+  
+  if (password)
+    pass_len = strlen(password);
 
   data_size = 0;
   result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
@@ -1641,7 +1645,7 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
     case PBES2_AES_192:
     case PBES2_AES_256:
 
-      result = _gnutls_pbkdf2_sha1 (password, strlen (password),
+      result = _gnutls_pbkdf2_sha1 (password, pass_len,
                                     kdf_params->salt, kdf_params->salt_size,
                                     kdf_params->iter_count, key, key_size);
 
@@ -1896,8 +1900,12 @@ generate_key (schema_id schema,
               struct pbe_enc_params *enc_params, gnutls_datum_t * key)
 {
   unsigned char rnd[2];
+  unsigned int pass_len = 0;
   int ret;
 
+  if (password)
+    pass_len = strlen(password);
+
   ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
   if (ret < 0)
     {
@@ -1971,7 +1979,7 @@ generate_key (schema_id schema,
     case PBES2_AES_192:
     case PBES2_AES_256:
 
-      ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
+      ret = _gnutls_pbkdf2_sha1 (password, pass_len,
                                  kdf_params->salt, kdf_params->salt_size,
                                  kdf_params->iter_count,
                                  key->data, kdf_params->key_size);