From: Aki Tuomi <cmouse@cmouse.fi>
Date: Sat, 16 May 2015 20:57:45 +0000 (+0300)
Subject: Add sanity checks
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~28^2~46^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ecb693d84ddd64ca2a6b0255737c28771182e12;p=thirdparty%2Fpdns.git

Add sanity checks
---

diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index a840f74dc3..2170f72028 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -354,7 +354,9 @@ class Pkcs11Token {
           if (!GetAttributeValue2(d_public_key, attr)) {
             d_ecdsa_params = attr[0].str();
             if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
-            if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
+            else if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
+            else throw PDNSException("Unsupported EC key");
+            if (attr[1].str().length() != (d_bits*2/8 + 3)) throw PDNSException("EC Point data invalid");
             d_ec_point = attr[1].str().substr(3);
           } else {
             throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);