From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 19 Jan 2017 08:20:28 +0000 (+0100)
Subject: _gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple... 
X-Git-Tag: gnutls_3_6_0~1058
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a0c10aaf2ae401b4f0e4705d58bb49cff9f92c67;p=thirdparty%2Fgnutls.git

_gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple of blocksize

That prevents incorrect data reaching nettle which has only
assertion checks (leading to an abort).

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/x509/privkey_pkcs8_pbes1.c b/lib/x509/privkey_pkcs8_pbes1.c
index 933363d37c..86ba2609f0 100644
--- a/lib/x509/privkey_pkcs8_pbes1.c
+++ b/lib/x509/privkey_pkcs8_pbes1.c
@@ -142,10 +142,14 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password,
 	gnutls_datum_t dkey, d_iv;
 	cipher_hd_st ch;
 	uint8_t key[16];
+	const unsigned block_size = 8;
 
 	if (enc_params->cipher != GNUTLS_CIPHER_DES_CBC)
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
+	if (encrypted_data->size % block_size != 0)
+		return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+
 	/* generate the key
 	 */
 	pbkdf1_md5(password, password_len, kdf_params->salt, kdf_params->iter_count, sizeof(key), key);