When parsing private keys in OpenSSL PEM format, GnuTLS did not perform
sufficient bounds checking for the length of the PEM header being parsed.
For specially crafted inputs, this could lead to heap overreads.
There was no confidentiality risk and
the crash potential was limited to instrumented builds in practice.
This change instates the overlooked bounds checking.
Reported-by: Kamil Frankowicz <kamil.frankowicz@cert.pl>
Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
Related: #1818
Fixes: #1854
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
for (i = 0; i < sizeof(pem_ciphers) / sizeof(pem_ciphers[0]); i++) {
l = strlen(pem_ciphers[i].name);
- if (!strncmp(pem_header, pem_ciphers[i].name, l) &&
+ if (pem_header_size > l &&
+ !strncmp(pem_header, pem_ciphers[i].name, l) &&
pem_header[l] == ',') {
pem_header += l + 1;
cipher = pem_ciphers[i].cipher;
while (*pem_header == '\n' || *pem_header == '\r')
pem_header++;
+ pem_header_size =
+ data->size - (ptrdiff_t)(pem_header - pem_header_start);
ret = _gnutls_base64_decode((const void *)pem_header, pem_header_size,
&b64_data);
if (ret < 0) {
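Review bot: the new `pem_header_size > l` guard protects the strncmp and the `pem_header[l] == ','` read, but the loop right after `pem_header += l + 1;`, namely `while (*pem_header == '\n' || *pem_header == '\r') pem_header++;`, still dereferences without checking how many bytes remain, so input that ends immediately after the comma reaches it with nothing left and the overread the commit message describes is only closed if the buffer is guaranteed to be NUL-terminated. Suggest recomputing `pem_header_size` directly after `pem_header += l + 1;` and adding `pem_header_size > 0` (decremented per skipped byte) to that loop condition, rather than only recomputing it before `_gnutls_base64_decode`; that also keeps `data->size - (ptrdiff_t)(pem_header - pem_header_start)` from going negative and, when stored in an unsigned size, wrapping, should the pointer ever step past the end. A one-line comment noting that `pem_header_start` is the beginning of `data` would help too, since the hunk does not show where it is assigned.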