tool: check length before trying to store cert in buffer

fixes #148
Yubico · Aug 16, 2018 · 45e74cf · 45e74cf
1 parent 16d5390
commit 45e74cf
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
@@ -561,6 +561,12 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
     unsigned char certdata[YKPIV_OBJ_MAX_SIZE];
     unsigned char *certptr = certdata;
     ykpiv_rc res;
+
+    if(cert_len > YKPIV_OBJ_MAX_SIZE) {
+      fprintf(stderr, "Length of certificate is more than can fit.\n");
+      goto import_cert_out;
+    }
+
     if (compress) {
       if (fread(certdata, 1, (size_t)cert_len, input_file) != (size_t)cert_len) {
         fprintf(stderr, "Failed to read compressed certificate\n");