author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-04 14:56:50 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-06 08:04:40 +0100 |
commit | 8c699a16ba73e527a269792bacb49676aee42028 (patch) | |
tree | 0562a3525d960f7f351a84a1d05db28d651e74c9 | |
parent | 787fdfc14fb7f47a56d1921ce0da9498d79a4d9c (diff) | |
download | gnutls-8c699a16ba73e527a269792bacb49676aee42028.tar.gz |
opencdk: cdk_pk_get_keyid: fix stack overflow
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/opencdk/pubkey.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c index 72e7d77b7e..1c73433fd6 100644 --- a/lib/opencdk/pubkey.c +++ b/lib/opencdk/pubkey.c @@ -518,6 +518,7 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid) { u32 lowbits = 0; byte buf[24]; + int rc; if (pk && (!pk->keyid[0] || !pk->keyid[1])) { if (pk->version < 4 && is_RSA(pk->pubkey_algo)) { @@ -525,7 +526,12 @@ u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid) size_t n; n = MAX_MPI_BYTES; - _gnutls_mpi_print(pk->mpi[0], p, &n); + rc = _gnutls_mpi_print(pk->mpi[0], p, &n); + if (rc < 0 || n < 8) { + keyid[0] = keyid[1] = (u32)-1; + return (u32)-1; + } + pk->keyid[0] = p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | |
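Review bot: `rc` is added at function scope in the first hunk, but the only use visible on this page is the `_gnutls_mpi_print` result check inside the `pk->version < 4 && is_RSA(...)` branch, where `size_t n;` is already declared locally. Declaring it there, `int rc;` next to `size_t n;`, would confine the variable to the one call whose result it holds and match how that branch declares its other locals. The rest of cdk_pk_get_keyid lies outside both hunks, so a later use of `rc` cannot be ruled out from here.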