openssl: Fix invalid keyid length check
authorambiso <ambiso@invalid>
Tue, 23 Oct 2018 21:20:17 +0000 (23:20 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 24 Oct 2018 07:48:56 +0000 (09:48 +0200)
Check was designed for base64 conversion, however a hex conversion is
being performed, which requires more memory.

src/libstrongswan/plugins/openssl/openssl_plugin.c

index 8b0a7c5..c919680 100644 (file)
@@ -405,7 +405,7 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
        {
                snprintf(keyname, sizeof(keyname), "%d:", slot);
        }
-       if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
+       if (sizeof(keyname) - strlen(keyname) <= keyid.len * 2 + 1)
        {
                return NULL;
        }