X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
index 8d341bf2..187ee9c8 100644
--- a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
+++ b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
@@ -100,9 +100,13 @@ static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate
 	passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
 	CssmData *cssmData = reinterpret_cast<CssmData *>(outData);
 	
-	assert(cssmData->Length <= sizeof(outHeader.publicKeyHash));
 	outHeader.publicKeyHashSize = (uint32_t)cssmData->Length;
-	memcpy(outHeader.publicKeyHash, cssmData->Data, cssmData->Length);
+	if (outHeader.publicKeyHashSize > sizeof(outHeader.publicKeyHash)) {
+		secinfo("FDERecovery", "encodePrivateKeyHeader: publicKeyHash too big: %d", outHeader.publicKeyHashSize);
+		outHeader.publicKeyHashSize = 0; /* failed to copy hash value */
+	} else {
+		memcpy(outHeader.publicKeyHash, cssmData->Data, outHeader.publicKeyHashSize);
+	}
 	fCSP.allocator().free(cssmData->Data);
 	fCSP.allocator().free(cssmData);