| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Sep 2012 13:26:55 +0300 From: Dmitry Kasatkin <dmitry.kasatkin@...el.com> To: torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org, zohar@...ux.vnet.ibm.com, jmorris@...ei.org, linux-security-module@...r.kernel.org, stable@...r.kernel.org Subject: [PATCH v2 1/1] digsig: add hash size comparision on signature verification Commit b35e286a640f31d619a637332972498b51f3fd90 introduced the bug. When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do not match, hash comparision is not done and digsig_verify_rsa() returns no error. This is a bug and this patch fixes it. Cc: stable@...r.kernel.org Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@...el.com> --- lib/digsig.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/digsig.c b/lib/digsig.c index 286d558..8c0e629 100644 --- a/lib/digsig.c +++ b/lib/digsig.c @@ -163,9 +163,11 @@ static int digsig_verify_rsa(struct key *key, memcpy(out1 + head, p, l); err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); + if (err) + goto err; - if (!err && len == hlen) - err = memcmp(out2, h, hlen); + if (len != hlen || memcmp(out2, h, hlen)) + err = -EINVAL; err: mpi_free(in); -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists