From: Tobias Brunner Date: Mon, 4 Dec 2017 09:51:47 +0000 (+0100) Subject: signature-params: Properly handle MGF1 algorithm identifier without parameters X-Git-Tag: 5.6.2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=40da179f28b768ffcf6ff7e2f68675eb44806668;p=thirdparty%2Fstrongswan.git signature-params: Properly handle MGF1 algorithm identifier without parameters Credit to OSS-Fuzz. Fixes: CVE-2018-6459 --- diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c index 6b4d22e7b2..8f42fb940f 100644 --- a/src/libstrongswan/credentials/keys/signature_params.c +++ b/src/libstrongswan/credentials/keys/signature_params.c @@ -280,13 +280,17 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params) case RSASSA_PSS_PARAMS_MGF_ALG: if (object.len) { - chunk_t hash; + chunk_t hash = chunk_empty; alg = asn1_parse_algorithmIdentifier(object, level, &hash); if (alg != OID_MGF1) { goto end; } + if (!hash.len) + { + goto end; + } alg = asn1_parse_algorithmIdentifier(hash, level+1, NULL); params->mgf1_hash = hasher_algorithm_from_oid(alg); if (params->mgf1_hash == HASH_UNKNOWN)
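Review bot: The new `if (!hash.len)` check in the `RSASSA_PSS_PARAMS_MGF_ALG` case of `rsa_pss_params_parse()` carries no comment explaining why an MGF1 algorithm identifier without parameters is rejected, and the reason for the `chunk_empty` initializer is not obvious from the code alone. A one-line comment above the check would help, for example one saying that MGF1 needs a nested hash algorithm identifier and that `hash` is only meaningful if the first `asn1_parse_algorithmIdentifier()` call filled it in. The check could also be folded into the preceding one as `if (alg != OID_MGF1 || !hash.len)`, since both branches only `goto end`. No test is visible in this diff. Because the commit message credits a fuzzer and references a CVE, a regression case that feeds an MGF1 identifier with absent parameters and expects the parse to fail would keep this path covered.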