shithub: riscv

Download patch

ref: 02b3c609ed7deb369722617c20f69c5f3f73e570
parent: 1df513a2a1683efa18655047946ef735479b2dfb
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Feb 5 21:03:16 EST 2017

libsec: check if modulus is too small for message in pkcs1padbuf()

--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -2143,6 +2143,10 @@
 	mpint *mp;
 
 	pm1 = n - 1 - len;
+	if(pm1 <= 2){
+		werrstr("pkcs1padbuf: modulus too small");
+		return nil;
+	}
 	p = (uchar*)emalloc(n);
 	p[0] = 0;
 	p[1] = 1;
@@ -2827,6 +2831,8 @@
 		goto errret;
 	pkcs1 = pkcs1pad(sigbytes, pk->n);
 	freebytes(sigbytes);
+	if(pkcs1 == nil)
+		goto errret;
 
 	rsadecrypt(priv, pkcs1, pkcs1);
 	buflen = mptobe(pkcs1, nil, 0, &buf);
@@ -2894,6 +2900,8 @@
 		goto errret;
 	pkcs1 = pkcs1pad(sigbytes, pk->n);
 	freebytes(sigbytes);
+	if(pkcs1 == nil)
+		goto errret;
 
 	rsadecrypt(priv, pkcs1, pkcs1);
 	buflen = mptobe(pkcs1, nil, 0, &buf);