encode_ber_digest_info: added sanity check

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 8 Jul 2019 17:33:50 +0000 (19:33 +0200)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 8 Jul 2019 17:37:20 +0000 (19:37 +0200)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 8 Jul 2019 17:33:50 +0000 (19:33 +0200)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 8 Jul 2019 17:37:20 +0000 (19:37 +0200)
diff --git a/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195 b/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195

new file mode 100644 (file)

index 0000000..86b66c0

Binary files /dev/null and b/fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195 differ
diff --git a/lib/pk.c b/lib/pk.c

index 1887063eb05a2c14410801db3d55734e61ba3537..debcc2ac09f90d13230c1cfe13ce0c35b5fb802a 100644 (file)
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -598,6 +598,10 @@ encode_ber_digest_info(const mac_entry_st * e,
         uint8_t *tmp_output;
         int tmp_output_size;
  
+       /* prevent asn1_write_value() treating input as string */
+       if (digest->size == 0)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
         algo = _gnutls_x509_mac_to_oid(e);
         if (algo == NULL) {
                 gnutls_assert();
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 8 Jul 2019 17:33:50 +0000 (19:33 +0200)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 8 Jul 2019 17:37:20 +0000 (19:37 +0200)
fuzz/gnutls_x509_verify_fuzzer.repro/5b24d9a0bdb049a203a1fac98d2854bbc6062195	[new file with mode: 0644]	patch \| blob
lib/pk.c		patch \| blob \| blame \| history