From df66990017a523cc436ea926d99152b196dedb0b Mon Sep 17 00:00:00 2001
From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Thu, 22 Aug 2024 12:40:48 -0600
Subject: [PATCH] Improve Key Usage validation more

- Was not checking the decipherOnly bit
- Was not using the buffer meant to ease checking the decipherOnly bit

Again, thanks to Niklas Vogel and Haya Schulmann for reporting this.
---
 src/object/certificate.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/object/certificate.c b/src/object/certificate.c
index 78d5abb8..b91aed51 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1345,13 +1345,13 @@ handle_ku(ASN1_BIT_STRING *ku, unsigned char byte1)
 	memset(data, 0, sizeof(data));
 	memcpy(data, ku->data, ku->length);
 
-	if (ku->data[0] != byte1) {
+	if (data[0] != byte1 || data[1] != 0) {
 		return pr_val_err("Illegal key usage flag string: %d%d%d%d%d%d%d%d%d",
-		    !!(ku->data[0] & 0x80u), !!(ku->data[0] & 0x40u),
-		    !!(ku->data[0] & 0x20u), !!(ku->data[0] & 0x10u),
-		    !!(ku->data[0] & 0x08u), !!(ku->data[0] & 0x04u),
-		    !!(ku->data[0] & 0x02u), !!(ku->data[0] & 0x01u),
-		    !!(ku->data[1] & 0x80u));
+		    !!(data[0] & 0x80u), !!(data[0] & 0x40u),
+		    !!(data[0] & 0x20u), !!(data[0] & 0x10u),
+		    !!(data[0] & 0x08u), !!(data[0] & 0x04u),
+		    !!(data[0] & 0x02u), !!(data[0] & 0x01u),
+		    !!(data[1] & 0x80u));
 	}
 
 	return 0;
-- 
2.47.3