lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Apr 2022 09:20:22 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Tadeusz Struk <tadeusz.struk@...aro.org>, Eric Biggers <ebiggers@...gle.com>, Herbert Xu <herbert@...dor.apana.org.au> Subject: [PATCH 5.15 160/913] crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() From: Eric Biggers <ebiggers@...gle.com> commit a24611ea356c7f3f0ec926da11b9482ac1f414fd upstream. Before checking whether the expected digest_info is present, we need to check that there are enough bytes remaining. Fixes: a49de377e051 ("crypto: Add hash param to pkcs1pad") Cc: <stable@...r.kernel.org> # v4.6+ Cc: Tadeusz Struk <tadeusz.struk@...aro.org> Signed-off-by: Eric Biggers <ebiggers@...gle.com> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- crypto/rsa-pkcs1pad.c | 2 ++ 1 file changed, 2 insertions(+) --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -476,6 +476,8 @@ static int pkcs1pad_verify_complete(stru pos++; if (digest_info) { + if (digest_info->size > dst_len - pos) + goto done; if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size)) goto done;
Powered by blists - more mailing lists