From: Nikos Mavrogiannopoulos Date: Thu, 23 Feb 2017 10:10:04 +0000 (+0100) Subject: opencdk: read_attribute: account buffer size X-Git-Tag: gnutls_3_6_0~949 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e2b02861caea3cb9a173e6993640b4e7112bdb44;p=thirdparty%2Fgnutls.git opencdk: read_attribute: account buffer size That ensures that there is no read past the end of buffer. Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index f5b180b072..d2c420c138 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -514,7 +514,7 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, pktlen--; } - if (!len || *p != 1) { /* Currently only 1, meaning an image, is defined. */ + if (!len || pktlen == 0 || *p != 1) { /* Currently only 1, meaning an image, is defined. */ rc = CDK_Inv_Packet; goto error; }
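Review bot: the new `pktlen == 0` test in read_attribute is correctly placed before `*p != 1`, so short-circuit evaluation means `*p` is never dereferenced once the preceding `pktlen--` loop has consumed the whole packet; however, it only proves that a single byte remains at `p`, and nothing in the hunk shows that the reads of the image header that follow the type byte are likewise bounded by `pktlen`. Suggest adding a one-line comment stating the invariant being enforced (that `p` points at the first of `pktlen` remaining bytes, so `pktlen > 0` is required before inspecting the attribute type), and confirming in the unchanged code below the hunk that every later read of the attribute body decrements or compares against `pktlen` the same way, since this fix closes the read at the type byte but not any read past it. Also consider pairing the change with the oss-fuzz reproducer cited in the commit message as a regression test, so the off-by-one does not return.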