_decode_pkcs8_dsa_key: ensure that the P value is non-zero

When decoding a DSA private key, and constructing the public key
ensure that P is non-zero, and thus can be used as modulus.

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 4e1e2686e202c7b823e567fdc144799bcbd1e6ef..cc52be94a87ba07addce18b7345b827568e93a1c 100644 (file)
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1011,6 +1011,12 @@ _decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
                goto error;
        }
 
+       if (_gnutls_mpi_cmp_ui(pkey->params.params[0], 0) == 0) {
+               gnutls_assert();
+               ret = GNUTLS_E_ILLEGAL_PARAMETER;
+               goto error;
+       }
+
        /* the public key can be generated as g^x mod p */
        ret = _gnutls_mpi_init(&pkey->params.params[3]);
        if (ret < 0) {