fix buffer overflow in RSA{Public,Private}Decrypt. from CORE SDI.

1999-12-02 05:29:10 +00:00 · 1999-12-02 05:29:10 +00:00 · 8e30dd7ed9
commit 8e30dd7ed9
parent b0ac3f25cd
2 changed files with 46 additions and 0 deletions
--- a/security/rsaref/patches/patch-ac
+++ b/security/rsaref/patches/patch-ac
@ -0,0 +1,42 @@
+--- rsa.c.orig	Fri Mar 25 14:01:48 1994
+++ rsa.c	Wed Dec  1 23:01:22 1999
+@@ -33,6 +33,9 @@
+   unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen;
+   
+  if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+    return (RE_LEN);
+
+   modulusLen = (publicKey->bits + 7) / 8;
+   if (inputLen + 11 > modulusLen)
+     return (RE_LEN);
+@@ -78,6 +81,9 @@
+   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen, pkcsBlockLen;
+   
+  if (inputLen > MAX_RSA_MODULUS_LEN)
+    return (RE_LEN);
+
+   modulusLen = (publicKey->bits + 7) / 8;
+   if (inputLen > modulusLen)
+     return (RE_LEN);
+@@ -129,6 +135,9 @@
+   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen;
+   
+  if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
+    return (RE_LEN);
+
+   modulusLen = (privateKey->bits + 7) / 8;
+   if (inputLen + 11 > modulusLen)
+     return (RE_LEN);
+@@ -168,6 +177,9 @@
+   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen, pkcsBlockLen;
+   
+  if (inputLen > MAX_RSA_MODULUS_LEN)
+    return (RE_LEN);
+
+   modulusLen = (privateKey->bits + 7) / 8;
+   if (inputLen > modulusLen)
+     return (RE_LEN);
--- a/security/rsaref/pkg/SECURITY
+++ b/security/rsaref/pkg/SECURITY
@ -0,0 +1,4 @@
+
+patch-ac fixes the buffer overflow in RSA{Private,Public}Decrypt(),
+as published by CORE SDI in their advisory of Dec. 1, 1999.
+