diff options
| author | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-01-28 13:05:14 +0300 |
|---|---|---|
| committer | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-01-28 13:06:58 +0300 |
| commit | 495aa9b57a3ce3ee546a0498ef232b4aa47d0f51 (patch) | |
| tree | 03222861182a229c7d12daf13a169574e3e7f561 | |
| parent | 25eb1dfa7a84b4fe465c4fe333f95e6eb8a9325f (diff) | |
| download | gnutls-495aa9b57a3ce3ee546a0498ef232b4aa47d0f51.tar.gz | |
pkcs12: do not go try calculating pbkdf2 with 0 iterations
Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to
GnuTLS PKCS12 GOST code to check that iter is not 0.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| -rw-r--r-- | fuzz/gnutls_pkcs12_key_parser_fuzzer.repro/dcbb6c7d385ddf87823849890768b022dc9e1eff | bin | 0 -> 1011 bytes | |||
| -rw-r--r-- | lib/x509/pkcs12.c | 3 |
2 files changed, 3 insertions, 0 deletions
diff --git a/fuzz/gnutls_pkcs12_key_parser_fuzzer.repro/dcbb6c7d385ddf87823849890768b022dc9e1eff b/fuzz/gnutls_pkcs12_key_parser_fuzzer.repro/dcbb6c7d385ddf87823849890768b022dc9e1eff Binary files differnew file mode 100644 index 0000000000..ebc03d30dc --- /dev/null +++ b/fuzz/gnutls_pkcs12_key_parser_fuzzer.repro/dcbb6c7d385ddf87823849890768b022dc9e1eff diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 8c3310d066..6324fb25a3 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -867,6 +867,9 @@ _gnutls_pkcs12_gost_string_to_key(gnutls_mac_algorithm_t algo, size_t temp_len = sizeof(temp); unsigned int pass_len = 0; + if (iter == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (pass) pass_len = strlen(pass); |