X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/6b200bc335dc93c5516ccb52f14bd896d8c7fad7..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp?ds=inline

diff --git a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
index 844a1e1a..187ee9c8 100644
--- a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
+++ b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
@@ -34,7 +34,7 @@
 #include <Security/SecKey.h>
 
 static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate, FVPrivateKeyHeader &outHeader);
-static CFDataRef decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
+static CFDataRef CF_RETURNS_RETAINED decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
 static void throwIfError(CSSM_RETURN rv);
 
 #pragma mark ----- Public SPI -----
@@ -100,9 +100,13 @@ static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate
 	passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
 	CssmData *cssmData = reinterpret_cast<CssmData *>(outData);
 	
-	assert(cssmData->Length <= sizeof(outHeader.publicKeyHash));
 	outHeader.publicKeyHashSize = (uint32_t)cssmData->Length;
-	memcpy(outHeader.publicKeyHash, cssmData->Data, cssmData->Length);
+	if (outHeader.publicKeyHashSize > sizeof(outHeader.publicKeyHash)) {
+		secinfo("FDERecovery", "encodePrivateKeyHeader: publicKeyHash too big: %d", outHeader.publicKeyHashSize);
+		outHeader.publicKeyHashSize = 0; /* failed to copy hash value */
+	} else {
+		memcpy(outHeader.publicKeyHash, cssmData->Data, outHeader.publicKeyHashSize);
+	}
 	fCSP.allocator().free(cssmData->Data);
 	fCSP.allocator().free(cssmData);