gnutls_x509_privkey_set_spki: check validity of parameters set

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index b7c5038db00920b55089fad6c135a42c7c5b9e51..c5236223df16645fb450e5f64e94e7fe93dfb31e 100644 (file)
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1294,6 +1294,9 @@ gnutls_x509_privkey_get_spki(gnutls_x509_privkey_t key, gnutls_x509_spki_t spki,
 int
 gnutls_x509_privkey_set_spki(gnutls_x509_privkey_t key, const gnutls_x509_spki_t spki, unsigned int flags)
 {
+       gnutls_pk_params_st tparams;
+       int ret;
+
        if (key == NULL) {
                gnutls_assert();
                return GNUTLS_E_INVALID_REQUEST;
@@ -1302,6 +1305,12 @@ gnutls_x509_privkey_set_spki(gnutls_x509_privkey_t key, const gnutls_x509_spki_t
        if (!_gnutls_pk_are_compat(key->params.algo, spki->pk))
                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
+       memcpy(&tparams, &key->params, sizeof(gnutls_pk_params_st));
+       memcpy(&tparams.spki, spki, sizeof (gnutls_x509_spki_st));
+       ret = _gnutls_x509_check_pubkey_params(&tparams);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
+
        memcpy(&key->params.spki, spki, sizeof (gnutls_x509_spki_st));
 
        key->params.algo = spki->pk;