gmp: Reject RSASSA-PSS signatures with negative salt length

The `salt_len` field is signed because negative values are used to indicate
automatic salt lengths when generating signatures.  This must never be the
case when validating them.

Not checking this could lead to an integer overflow below.  The value is
assigned to the `len` field of a chunk (`size_t`), which is further used
in calculations to check the padding structure and (if that is passed by
a matching crafted signature value) eventually a memcpy() that will result
in a segmentation fault.

Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification")
Fixes: CVE-2021-41990
Tobias Brunner 2021-09-28 18:00:01 +02:00
parent 03fbceb3f5
commit 234302a108

@ -168,7 +168,7 @@ static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this,
int i;
bool success = FALSE;
if (!params)
if (!params || params->salt_len < 0)
{
return FALSE;
}
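
Review bot: the new `params->salt_len < 0` test in the `if (!params ...)` guard rejects only negative values, and nothing visible in this hunk bounds a large positive `salt_len` before it reaches the `size_t` `len` field the commit message describes. Please confirm that the later padding calculation compares it against the encoded message length in a form that cannot wrap. The early `return FALSE` is also silent: a short comment noting that negative values mean automatic salt length only when signing would document why they are refused here, and a regression test that passes a negative salt length to verification would keep the check from being dropped later.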