From: Alberto Leiva Popper
Date: Tue, 6 Aug 2024 16:29:16 +0000 (-0600)
Subject: Prevent crash on malformed Key Usage
X-Git-Tag: 1.6.3~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=939d988551d17996be73f52c376a70a3d6ba69f9;p=thirdparty%2FFORT-validator.git
Prevent crash on malformed Key Usage
Key Usage bit strings longer than 2 bytes were inducing buffer overflow. Thanks to Niklas Vogel for reporting this.
---
diff --git a/src/object/certificate.c b/src/object/certificate.c
index 3e2439bf..f36392d4 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1329,9 +1329,9 @@ handle_ku(ASN1_BIT_STRING *ku, unsigned char byte1)
 unsigned char data[2];
- if (ku->length == 0) {
- return pr_val_err("%s bit string has no enabled bits.",
- ext_ku()->name);
+ if (ku->length != 2 && ku->length != 1) {
+ return pr_val_err("Bogus %s length: %d",
+ ext_ku()->name, ku->length);
 }
 memset(data, 0, sizeof(data));
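Review bot: The new length guard in handle_ku() hard-codes the literals 1 and 2, while the buffer it protects is declared just above as `unsigned char data[2]`, so the two can drift apart if `data` is ever resized. Tying the bound to the buffer keeps the check self-maintaining: `if (ku->length < 1 || ku->length > (int)sizeof(data)) {`. The statement that consumes `ku->length` after the `memset` lies outside this hunk; presumably it is a copy from `ku->data` into `data`, which would make this guard the only thing bounding that write. If so, a short comment would stop a later edit from relaxing it, for example `/* ku->length comes from the certificate and is untrusted; it must never exceed sizeof(data). */`. The message would also be easier to triage if it named the unit and the accepted range, e.g. `"Bogus %s length: %d bytes (expected 1 or 2)"`.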