Add sanity checks

author Aki Tuomi <cmouse@cmouse.fi>

Sat, 16 May 2015 20:57:45 +0000 (23:57 +0300)

committer Aki Tuomi <cmouse@cmouse.fi>

Sun, 17 May 2015 17:24:04 +0000 (20:24 +0300)
author Aki Tuomi <cmouse@cmouse.fi>
Sat, 16 May 2015 20:57:45 +0000 (23:57 +0300)
committer Aki Tuomi <cmouse@cmouse.fi>
Sun, 17 May 2015 17:24:04 +0000 (20:24 +0300)
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc

index d668a387e44db4d08e2a7967e0737e0f59f73ce0..9d2a19b17ef6ef8ad1983722b07f0d1805721307 100644 (file)
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -352,7 +352,9 @@ class Pkcs11Token {
            if (!GetAttributeValue2(d_public_key, attr)) {
              d_ecdsa_params = attr[0].str();
              if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
-            if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
+            else if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
+            else throw PDNSException("Unsupported EC key");
+            if (attr[1].str().length() != (d_bits*2/8 + 3)) throw PDNSException("EC Point data invalid");
              d_ec_point = attr[1].str().substr(3);
            } else {
              throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
author	Aki Tuomi <cmouse@cmouse.fi>
	Sat, 16 May 2015 20:57:45 +0000 (23:57 +0300)
committer	Aki Tuomi <cmouse@cmouse.fi>
	Sun, 17 May 2015 17:24:04 +0000 (20:24 +0300)