From 939d988551d17996be73f52c376a70a3d6ba69f9 Mon Sep 17 00:00:00 2001
From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Tue, 6 Aug 2024 10:29:16 -0600
Subject: [PATCH] Prevent crash on malformed Key Usage

Key Usage bit strings longer than 2 bytes were inducing buffer overflow.

Thanks to Niklas Vogel for reporting this.
---
 src/object/certificate.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/object/certificate.c b/src/object/certificate.c
index 3e2439bf..f36392d4 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1329,9 +1329,9 @@ handle_ku(ASN1_BIT_STRING *ku, unsigned char byte1)
 
 	unsigned char data[2];
 
-	if (ku->length == 0) {
-		return pr_val_err("%s bit string has no enabled bits.",
-		    ext_ku()->name);
+	if (ku->length != 2 && ku->length != 1) {
+		return pr_val_err("Bogus %s length: %d",
+		    ext_ku()->name, ku->length);
 	}
 
 	memset(data, 0, sizeof(data));
-- 
2.47.3