don't over-allocate that much in der_decode_subject_public_key_info()

sjaeckel · sjaeckel · commit 15eab9702b27 · 2017-10-01T22:56:46.000+02:00
diff --git a/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
@@ -58,7 +58,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
    }
 
    /* see if the OpenSSL DER format RSA public key will work */
-   tmpbuf = XCALLOC(1, LTC_DER_MAX_PUBKEY_SIZE*8);
+   tmpbuf = XCALLOC(1, inlen);
    if (tmpbuf == NULL) {
        err = CRYPT_MEM;
        goto LBL_ERR;
@@ -72,7 +72,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in
     * in a **BIT** string ... so we have to extract it then proceed to convert bit to octet
     */
    LTC_SET_ASN1(subject_pubkey, 0, LTC_ASN1_SEQUENCE, alg_id, 2);
-   LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, LTC_DER_MAX_PUBKEY_SIZE*8);
+   LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, inlen);
 
    err=der_decode_sequence(in, inlen, subject_pubkey, 2UL);
    if (err != CRYPT_OK) {
