Merge branch 'tmp-var' into 'master'

encode_ber_digest_info: added sanity check See merge request gnutls/gnutls!1041
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-07-09 04:16:53 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-07-09 04:16:53 +0000
commit: 7ff1e5b51560302d24b1e078520ec58e20ae4081 (patch)
tree: a02659e870ae7af97f974c73e2e91784d1dbc36b
parent: 3be35aa23bd98d7ce8013866919494e0e64c1f67 (diff)
parent: ed93d5f01d7c118c9f6ded65495b9787a9c80fee (diff)
download: gnutls-7ff1e5b51560302d24b1e078520ec58e20ae4081.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195 b/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195
new file mode 100644
index 0000000000..86b66c022c
--- /dev/null
+++ b/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195
diff --git a/lib/pk.c b/lib/pk.c
index 1887063eb0..debcc2ac09 100644
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -598,6 +598,10 @@ encode_ber_digest_info(const mac_entry_st * e,
 	uint8_t *tmp_output;
 	int tmp_output_size;
 
+	/* prevent asn1_write_value() treating input as string */
+	if (digest->size == 0)
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
 	algo = _gnutls_x509_mac_to_oid(e);
 	if (algo == NULL) {
 		gnutls_assert();
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-07-09 04:16:53 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-07-09 04:16:53 +0000
commit	7ff1e5b51560302d24b1e078520ec58e20ae4081 (patch)
tree	a02659e870ae7af97f974c73e2e91784d1dbc36b
parent	3be35aa23bd98d7ce8013866919494e0e64c1f67 (diff)
parent	ed93d5f01d7c118c9f6ded65495b9787a9c80fee (diff)
download	gnutls-7ff1e5b51560302d24b1e078520ec58e20ae4081.tar.gz