From: Nikos Mavrogiannopoulos Date: Sat, 17 May 2014 07:40:00 +0000 (+0200) Subject: more sanity checks on signature size X-Git-Tag: gnutls_3_3_3~45 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ecae6fd894ad140b3e099fa176f2d4b286caaf65;p=thirdparty%2Fgnutls.git more sanity checks on signature size --- diff --git a/lib/x509/common.c b/lib/x509/common.c index 3376fe3cc9..8c482123d7 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -1611,7 +1611,7 @@ _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name, } bits = len; - if (bits % 8 != 0) { + if (bits % 8 != 0 || bits < 8) { gnutls_assert(); result = GNUTLS_E_CERTIFICATE_ERROR; goto cleanup; diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 2a75bf9753..aee162a668 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -596,7 +596,7 @@ gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, } bits = len; - if (bits % 8 != 0 || bits == 0) { + if (bits % 8 != 0 || bits < 8) { gnutls_assert(); return GNUTLS_E_CERTIFICATE_ERROR; }