ocsp: added sanity check in returned length

This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1492 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-06-15 12:43:48 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-06-15 14:44:45 +0200
commit: 7ad3962153f75b49929c40e942f21c21be766800 (patch)
tree: 42b88f6059717ee5f03116c115a3b3251838f151
parent: 9138682e288a38cf80da51cc81e5a6df70fc2088 (diff)
download: gnutls-7ad3962153f75b49929c40e942f21c21be766800.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 4133e2381f..f05e4507b2 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -1004,6 +1004,9 @@ int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp)
 		return _gnutls_asn2err(ret);
 	}
 
+	if (len != 1)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
 	switch (str[0]) {
 	case GNUTLS_OCSP_RESP_SUCCESSFUL:
 	case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
@@ -1013,7 +1016,7 @@ int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp)
 	case GNUTLS_OCSP_RESP_UNAUTHORIZED:
 		break;
 	default:
-		return GNUTLS_E_UNEXPECTED_PACKET;
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
 	}
 
 	return (int) str[0];
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-06-15 12:43:48 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-06-15 14:44:45 +0200
commit	7ad3962153f75b49929c40e942f21c21be766800 (patch)
tree	42b88f6059717ee5f03116c115a3b3251838f151
parent	9138682e288a38cf80da51cc81e5a6df70fc2088 (diff)
download	gnutls-7ad3962153f75b49929c40e942f21c21be766800.tar.gz