]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
more sanity checks on signature size
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 17 May 2014 07:40:00 +0000 (09:40 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 17 May 2014 07:40:00 +0000 (09:40 +0200)
lib/x509/common.c
lib/x509/x509.c

index 3376fe3cc91158f9e5eb4da7299914d46e468f41..8c482123d766a53614bede8c33f16f3728e7b2d5 100644 (file)
@@ -1611,7 +1611,7 @@ _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
        }
 
        bits = len;
-       if (bits % 8 != 0) {
+       if (bits % 8 != 0 || bits < 8) {
                gnutls_assert();
                result = GNUTLS_E_CERTIFICATE_ERROR;
                goto cleanup;
index 2a75bf97539a77ab8b1d5df8dbf5243487769e96..aee162a6682ece56d6eb53e48d285d1cb3a320c5 100644 (file)
@@ -596,7 +596,7 @@ gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
        }
 
        bits = len;
-       if (bits % 8 != 0 || bits == 0) {
+       if (bits % 8 != 0 || bits < 8) {
                gnutls_assert();
                return GNUTLS_E_CERTIFICATE_ERROR;
        }