stricter fix for oflow
This commit is contained in:
parent
701e197ed6
commit
8622a12d9a
@ -1,42 +1,38 @@
|
||||
--- ../rsaref2/source/rsa.c.orig Fri Mar 25 14:01:48 1994
|
||||
+++ ../rsaref2/source/rsa.c Thu Dec 2 20:20:11 1999
|
||||
@@ -33,6 +33,9 @@
|
||||
+++ ../rsaref2/source/rsa.c Sun Dec 12 13:55:04 1999
|
||||
@@ -33,6 +33,8 @@
|
||||
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen;
|
||||
|
||||
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
|
||||
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (publicKey->bits + 7) / 8;
|
||||
if (inputLen + 11 > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -78,6 +81,9 @@
|
||||
@@ -78,6 +80,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen, pkcsBlockLen;
|
||||
|
||||
+ if (inputLen > MAX_RSA_MODULUS_LEN)
|
||||
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (publicKey->bits + 7) / 8;
|
||||
if (inputLen > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -129,6 +135,9 @@
|
||||
@@ -129,6 +133,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen;
|
||||
|
||||
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
|
||||
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (privateKey->bits + 7) / 8;
|
||||
if (inputLen + 11 > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -168,6 +177,9 @@
|
||||
@@ -168,6 +174,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen, pkcsBlockLen;
|
||||
|
||||
+ if (inputLen > MAX_RSA_MODULUS_LEN)
|
||||
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (privateKey->bits + 7) / 8;
|
||||
if (inputLen > modulusLen)
|
||||
return (RE_LEN);
|
||||
|
@ -1,4 +1,4 @@
|
||||
|
||||
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}Decrypt(),
|
||||
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}{De,En}crypt(),
|
||||
as published by CORE SDI in their advisory of Dec. 1, 1999.
|
||||
|
||||
|
@ -1,42 +1,38 @@
|
||||
--- ../rsaref/source/rsa.c.orig Fri Mar 25 14:01:48 1994
|
||||
+++ ../rsaref/source/rsa.c Wed Dec 8 22:36:39 1999
|
||||
@@ -33,6 +33,9 @@
|
||||
+++ ../rsaref/source/rsa.c Sun Dec 12 14:00:08 1999
|
||||
@@ -33,6 +33,8 @@
|
||||
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen;
|
||||
|
||||
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
|
||||
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (publicKey->bits + 7) / 8;
|
||||
if (inputLen + 11 > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -78,6 +81,9 @@
|
||||
@@ -78,6 +80,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen, pkcsBlockLen;
|
||||
|
||||
+ if (inputLen > MAX_RSA_MODULUS_LEN)
|
||||
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (publicKey->bits + 7) / 8;
|
||||
if (inputLen > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -129,6 +135,9 @@
|
||||
@@ -129,6 +133,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen;
|
||||
|
||||
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
|
||||
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (privateKey->bits + 7) / 8;
|
||||
if (inputLen + 11 > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -168,6 +177,9 @@
|
||||
@@ -168,6 +174,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen, pkcsBlockLen;
|
||||
|
||||
+ if (inputLen > MAX_RSA_MODULUS_LEN)
|
||||
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (privateKey->bits + 7) / 8;
|
||||
if (inputLen > modulusLen)
|
||||
return (RE_LEN);
|
||||
|
@ -1,4 +1,4 @@
|
||||
|
||||
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}Decrypt(),
|
||||
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}{De,En}crypt(),
|
||||
as published by CORE SDI in their advisory of Dec. 1, 1999.
|
||||
|
||||
|
@ -1,42 +1,38 @@
|
||||
--- rsaref2/source/rsa.c.orig Fri Mar 25 14:01:48 1994
|
||||
+++ rsaref2/source/rsa.c Thu Dec 2 16:43:04 1999
|
||||
@@ -33,6 +33,9 @@
|
||||
+++ rsaref2/source/rsa.c Sun Dec 12 13:47:57 1999
|
||||
@@ -33,6 +33,8 @@
|
||||
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen;
|
||||
|
||||
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
|
||||
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (publicKey->bits + 7) / 8;
|
||||
if (inputLen + 11 > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -78,6 +81,9 @@
|
||||
@@ -78,6 +80,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen, pkcsBlockLen;
|
||||
|
||||
+ if (inputLen > MAX_RSA_MODULUS_LEN)
|
||||
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (publicKey->bits + 7) / 8;
|
||||
if (inputLen > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -129,6 +135,9 @@
|
||||
@@ -129,6 +133,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen;
|
||||
|
||||
+ if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
|
||||
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (privateKey->bits + 7) / 8;
|
||||
if (inputLen + 11 > modulusLen)
|
||||
return (RE_LEN);
|
||||
@@ -168,6 +177,9 @@
|
||||
@@ -168,6 +174,8 @@
|
||||
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
||||
unsigned int i, modulusLen, pkcsBlockLen;
|
||||
|
||||
+ if (inputLen > MAX_RSA_MODULUS_LEN)
|
||||
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
||||
+ return (RE_LEN);
|
||||
+
|
||||
modulusLen = (privateKey->bits + 7) / 8;
|
||||
if (inputLen > modulusLen)
|
||||
return (RE_LEN);
|
||||
|
@ -3,6 +3,6 @@ ssh-1.2.27: patch-ai fixes the buffer overflow in RSAREF rsaglue code.
|
||||
|
||||
OpenSSH (integrated into OpenBSD-2.6) does not have this bug.
|
||||
|
||||
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}Decrypt(),
|
||||
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}{De,En}crypt(),
|
||||
as published by CORE SDI in their advisory of Dec. 1, 1999.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user