don't overfill the buffer on cert import

This commit is contained in:
Klas Lindfors
2015-12-07 09:24:04 +01:00
parent 67fc8f705c
commit ebbb002068
+5
View File
@@ -557,6 +557,11 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
int object = get_object_id(slot); int object = get_object_id(slot);
ykpiv_rc res; ykpiv_rc res;
if(4 + cert_len + 5 > 3072) { /* 4 is prefix size, 5 is postfix size */
fprintf(stderr, "Certificate is to large to fit in buffer.\n");
goto import_cert_out;
}
*certptr++ = 0x70; *certptr++ = 0x70;
certptr += set_length(certptr, cert_len); certptr += set_length(certptr, cert_len);
if (compress) { if (compress) {