authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-01-04 14:56:50 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-01-06 08:04:40 +0100
commit8c699a16ba73e527a269792bacb49676aee42028 (patch)
tree0562a3525d960f7f351a84a1d05db28d651e74c9
parent787fdfc14fb7f47a56d1921ce0da9498d79a4d9c (diff)
opencdk: cdk_pk_get_keyid: fix stack overflow
Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/opencdk/pubkey.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 72e7d77b7e..1c73433fd6 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
{
u32 lowbits = 0;
byte buf[24];
+ int rc;
if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
@@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
size_t n;
n = MAX_MPI_BYTES;
- _gnutls_mpi_print(pk->mpi[0], p, &n);
+ rc = _gnutls_mpi_print(pk->mpi[0], p, &n);
+ if (rc < 0 || n < 8) {
+ keyid[0] = keyid[1] = (u32)-1;
+ return (u32)-1;
+ }
+
pk->keyid[0] =
p[n - 8] << 24 | p[n - 7] << 16 | p[n -
6] << 8 |
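Review bot: The new error path writes `keyid[0] = keyid[1] = (u32)-1;` without checking that `keyid` is non-NULL, while the enclosing condition only tests `pk`. The rest of cdk_pk_get_keyid lies outside this hunk, so I cannot confirm whether callers may pass NULL to obtain only the return value; if they can, a malformed short RSA modulus now leads to a NULL dereference instead of the out-of-bounds read, and `if (keyid) keyid[0] = keyid[1] = (u32)-1;` would close that. The `(u32)-1` return is also an in-band value that the low word of a genuine key ID could equal, so callers cannot reliably tell failure from success. A comment on the check such as `/* malformed key: modulus shorter than 8 bytes, no key ID can be derived */` and a line in the function's documentation describing the failure value would make the contract explicit.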