cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stricter fix for oflow

Browse Source
This commit is contained in:
brad 1999-12-12 20:17:23 +00:00
parent 701e197ed6
commit 8622a12d9a
6 changed files with 30 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
security/pgp/patches/patch-rsaref2-2
View File

@ -1,42 +1,38 @@
--- ../rsaref2/source/rsa.c.orig Fri Mar 25 14:01:48 1994
+++ ../rsaref2/source/rsa.c Thu Dec 2 20:20:11 1999
@@ -33,6 +33,9 @@
+++ ../rsaref2/source/rsa.c Sun Dec 12 13:55:04 1999
@@ -33,6 +33,8 @@
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -78,6 +81,9 @@
@@ -78,6 +80,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (inputLen > MAX_RSA_MODULUS_LEN)
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
@@ -129,6 +135,9 @@
@@ -129,6 +133,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -168,6 +177,9 @@
@@ -168,6 +174,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (inputLen > MAX_RSA_MODULUS_LEN)
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);

2
security/pgp/pkg/SECURITY
View File

@ -1,4 +1,4 @@
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}Decrypt(),
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}{De,En}crypt(),
as published by CORE SDI in their advisory of Dec. 1, 1999.

22
security/pgp5/files/patch-rsaref2-2
View File

@ -1,42 +1,38 @@
--- ../rsaref/source/rsa.c.orig Fri Mar 25 14:01:48 1994
+++ ../rsaref/source/rsa.c Wed Dec 8 22:36:39 1999
@@ -33,6 +33,9 @@
+++ ../rsaref/source/rsa.c Sun Dec 12 14:00:08 1999
@@ -33,6 +33,8 @@
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -78,6 +81,9 @@
@@ -78,6 +80,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (inputLen > MAX_RSA_MODULUS_LEN)
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
@@ -129,6 +135,9 @@
@@ -129,6 +133,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -168,6 +177,9 @@
@@ -168,6 +174,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (inputLen > MAX_RSA_MODULUS_LEN)
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);

2
security/pgp5/pkg/SECURITY
View File

@ -1,4 +1,4 @@
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}Decrypt(),
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}{De,En}crypt(),
as published by CORE SDI in their advisory of Dec. 1, 1999.

22
security/ssh/files/patch-rsaref2-2
View File

@ -1,42 +1,38 @@
--- rsaref2/source/rsa.c.orig Fri Mar 25 14:01:48 1994
+++ rsaref2/source/rsa.c Thu Dec 2 16:43:04 1999
@@ -33,6 +33,9 @@
+++ rsaref2/source/rsa.c Sun Dec 12 13:47:57 1999
@@ -33,6 +33,8 @@
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -78,6 +81,9 @@
@@ -78,6 +80,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (inputLen > MAX_RSA_MODULUS_LEN)
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
@@ -129,6 +135,9 @@
@@ -129,6 +133,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -168,6 +177,9 @@
@@ -168,6 +174,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (inputLen > MAX_RSA_MODULUS_LEN)
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);

2
security/ssh/pkg/SECURITY
View File

@ -3,6 +3,6 @@ ssh-1.2.27: patch-ai fixes the buffer overflow in RSAREF rsaglue code.
OpenSSH (integrated into OpenBSD-2.6) does not have this bug.
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}Decrypt(),
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}{De,En}crypt(),
as published by CORE SDI in their advisory of Dec. 1, 1999.