]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Revert "Fix out-of-bounds read in gnutls_x509_ext_export_key_usage"
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Sat, 30 Jan 2016 10:15:13 +0000 (11:15 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Sat, 30 Jan 2016 11:14:42 +0000 (12:14 +0100)
This was not really an out-of-bounds check. Added documentation
to make that clear.

This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d.

lib/x509/x509_ext.c

index ce1ce9b30ced0bf0f5269d9c8684ecd994c4a992..b68ac75edd9f2434716eea59566269a6cac88591 100644 (file)
@@ -1116,7 +1116,9 @@ int gnutls_x509_ext_export_key_usage(unsigned int usage, gnutls_datum_t * ext)
        str[0] = usage & 0xff;
        str[1] = usage >> 8;
 
-       result = asn1_write_value(c2, "", str, 2);
+       /* Since KeyUsage is a BIT STRING, the input to asn1_write_value
+        * is the number of bits to be read. */
+       result = asn1_write_value(c2, "", str, 9);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                asn1_delete_structure(&c2);