On Sun, 26 Nov 2017, Eric Biggers wrote:
> Fixes: 42d5ec27f873 ("X.509: Add an ASN.1 decoder")
> Cc: # v3.7+
> Signed-off-by: Eric Biggers
> ---
> crypto/asymmetric_keys/x509_cert_parser.c | 2 ++
> 1 file changed, 2 insertions(+)
Reviewed-by: James Morris
--
James Morris
From: Eric Biggers
Adding a specially crafted X.509 certificate whose subjectPublicKey
ASN.1 value is zero-length caused x509_extract_key_data() to set the
public key size to SIZE_MAX, as it subtracted the nonexistent BIT STRING
metadata byte. Then, x509_cert_parse() called kmemdup() with that b
