Fix stack buffer overflow in pkcs12

commit: 73011bba956e27b6c5a934cfbeaf3d2c429c9c2c [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Mon Sep 28 18:34:48 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Oct 01 16:57:47 2015 +0200
tree: 5a069ffc8d98895e9de9fda0c5de78e352c0136e
parent: 2cf969678555c21cc16c0601dce8de8f902eb55f [diff] [blame]
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 8e42d20..498a3fe 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c

@@ -80,6 +80,8 @@
     return( 0 );
 }
 
+#define PKCS12_MAX_PWDLEN 128
+
 static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params, md_type_t md_type,
                                      const unsigned char *pwd,  size_t pwdlen,
                                      unsigned char *key, size_t keylen,
@@ -89,7 +91,10 @@
     asn1_buf salt;
     size_t i;
     unsigned char *p, *end;
-    unsigned char unipwd[258];
+    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
+
+    if( pwdlen > PKCS12_MAX_PWDLEN )
+        return( POLARSSL_ERR_PKCS12_BAD_INPUT_DATA );
 
     memset(&salt, 0, sizeof(asn1_buf));
     memset(&unipwd, 0, sizeof(unipwd));
@@ -122,6 +127,8 @@
     return( 0 );
 }
 
+#undef PKCS12_MAX_PWDLEN
+
 int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
                              const unsigned char *pwd,  size_t pwdlen,
                              const unsigned char *data, size_t len,
commit	73011bba956e27b6c5a934cfbeaf3d2c429c9c2c	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Mon Sep 28 18:34:48 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Oct 01 16:57:47 2015 +0200
tree	5a069ffc8d98895e9de9fda0c5de78e352c0136e
parent	2cf969678555c21cc16c0601dce8de8f902eb55f [diff] [blame]