From 4913feadb8c5d8cb2302054d76721364ff43d9f7 Mon Sep 17 00:00:00 2001
From: alegon01 <alexandre.gonzalo@trustonic.com>
Date: Fri, 5 Apr 2019 10:38:12 +0200
Subject: [PATCH] Fix in encrypt_decrypt(), check for (in_len <= sizeof
 orig_data)

---
 src/tools/pkcs11-tool.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index b91a660b..d1263245 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -5361,6 +5361,11 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
 		return 0;
 	}
 
+	if (in_len >= sizeof(orig_data)) {
+		printf("Private key size is too long\n");
+		return 0;
+	}
+
 	EVP_PKEY_CTX *ctx;
 	ctx = EVP_PKEY_CTX_new(pkey, NULL);
 	if (!ctx) {