From: ambiso <ambiso@invalid>
Date: Tue, 23 Oct 2018 21:20:17 +0000 (+0200)
Subject: openssl: Fix invalid keyid length check
X-Git-Tag: 5.7.2dr1~10^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b148517c6bf47fa2f0d049b1e9c446c1f14c501b;p=thirdparty%2Fstrongswan.git

openssl: Fix invalid keyid length check

Check was designed for base64 conversion, however a hex conversion is
being performed, which requires more memory.
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 8b0a7c5c74..c9196804e7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -405,7 +405,7 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
 	{
 		snprintf(keyname, sizeof(keyname), "%d:", slot);
 	}
-	if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
+	if (sizeof(keyname) - strlen(keyname) <= keyid.len * 2 + 1)
 	{
 		return NULL;
 	}