_gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple...

That prevents incorrect data reaching nettle which has only
assertion checks (leading to an abort).

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/x509/privkey_pkcs8_pbes1.c b/lib/x509/privkey_pkcs8_pbes1.c
index 933363d37cdb60c728654706b58a5a76a6edccd6..86ba2609f078a6b6db87b8e8e1a77eae28e7b8d3 100644 (file)
--- a/lib/x509/privkey_pkcs8_pbes1.c
+++ b/lib/x509/privkey_pkcs8_pbes1.c
@@ -142,10 +142,14 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password,
        gnutls_datum_t dkey, d_iv;
        cipher_hd_st ch;
        uint8_t key[16];
+       const unsigned block_size = 8;
 
        if (enc_params->cipher != GNUTLS_CIPHER_DES_CBC)
                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
+       if (encrypted_data->size % block_size != 0)
+               return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+
        /* generate the key
         */
        pbkdf1_md5(password, password_len, kdf_params->salt, kdf_params->iter_count, sizeof(key), key);