vyos-strongswan.git/src/libstrongswan/plugins/gmp, branch current (mirror of https://github.com/vyos/vyos-strongswan.git)
https://git.amelek.net/vyos/vyos-strongswan.git/atom?h=current2021-11-24T01:06:15+00:00Reject RSASSA-PSS params with negative salt length2021-11-24T01:06:15+00:00Tobias Brunnertobias@strongswan.org2021-09-28T15:52:08+00:00urn:sha1:d99fe15d9e86c5a4c7546b58f94c9caed68b3953
The `salt_len` member in the struct is of type `ssize_t` because we use
negative values for special automatic salt lengths when generating
signatures.
Not checking this could lead to an integer overflow. The value is assigned
to the `len` field of a chunk (`size_t`), which is further used in
calculations to check the padding structure and (if that is passed by a
matching crafted signature value) eventually a memcpy() that will result
in a segmentation fault.
Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params")
Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification")
Fixes: CVE-2021-41990
Signed-off-by: Daniil Baturin <daniil@baturin.org>
New upstream version 5.7.22019-01-02T10:07:05+00:00Yves-Alexis Perezcorsac@debian.org2019-01-02T09:45:36+00:00urn:sha1:918094fde55fa0dbfd59a5f88d576efb513a88dbNew upstream version 5.7.12018-10-01T20:30:25+00:00Yves-Alexis Perezcorsac@debian.org2018-10-01T20:30:25+00:00urn:sha1:3001f2ed68bf2e519b197a0a33e9976177c002aeNew upstream version 5.7.02018-09-24T13:11:14+00:00Yves-Alexis Perezcorsac@debian.org2018-09-24T13:11:14+00:00urn:sha1:e0e280b7669435b991b7e457abd8aa450930b3e8New upstream version 5.6.32018-06-04T07:59:21+00:00Yves-Alexis Perezcorsac@debian.org2018-06-04T07:59:21+00:00urn:sha1:51a71ee15c1bcf0e82f363a16898f571e211f9c3New upstream version 5.6.22018-02-19T17:17:21+00:00Yves-Alexis Perezcorsac@corsac.net2018-02-19T17:17:21+00:00urn:sha1:7793611ee71b576dd9c66dee327349fa64e38740New upstream version 5.6.12017-11-21T09:22:31+00:00Yves-Alexis Perezcorsac@corsac.net2017-11-21T09:22:31+00:00urn:sha1:e1d78dc2faaa06e7c3f71ef674a71e4de2f0758eNew upstream version 5.6.02017-09-01T15:21:25+00:00Yves-Alexis Perezcorsac@corsac.net2017-09-01T15:21:25+00:00urn:sha1:11d6b62db969bdd808d0f56706cb18f113927a31New upstream version 5.5.32017-05-30T18:59:31+00:00Yves-Alexis Perezcorsac@corsac.net2017-05-30T18:59:31+00:00urn:sha1:bba25e2ff6c4a193acb54560ea4417537bd2954eNew upstream version 5.5.22017-04-01T14:26:44+00:00Yves-Alexis Perezcorsac@corsac.net2017-04-01T14:26:44+00:00urn:sha1:05ddd767992d68bb38c7f16ece142e8c2e9ae016