ref: 02b3c609ed7deb369722617c20f69c5f3f73e570
parent: 1df513a2a1683efa18655047946ef735479b2dfb
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Feb 5 21:03:16 EST 2017
libsec: check if modulus is too small for message in pkcs1padbuf()
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -2143,6 +2143,10 @@
mpint *mp;
pm1 = n - 1 - len;
+ if(pm1 <= 2){
+ werrstr("pkcs1padbuf: modulus too small");
+ return nil;
+ }
p = (uchar*)emalloc(n);
p[0] = 0;
p[1] = 1;
@@ -2827,6 +2831,8 @@
goto errret;
pkcs1 = pkcs1pad(sigbytes, pk->n);
freebytes(sigbytes);
+ if(pkcs1 == nil)
+ goto errret;
rsadecrypt(priv, pkcs1, pkcs1);
buflen = mptobe(pkcs1, nil, 0, &buf);
@@ -2894,6 +2900,8 @@
goto errret;
pkcs1 = pkcs1pad(sigbytes, pk->n);
freebytes(sigbytes);
+ if(pkcs1 == nil)
+ goto errret;
rsadecrypt(priv, pkcs1, pkcs1);
buflen = mptobe(pkcs1, nil, 0, &buf);