diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2021-09-28 17:52:08 +0200 |
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2021-11-24 08:06:33 +0700 |
| commit | 5de6fd137e48151e58954f6c0b8866d258fff14b (patch) | |
| tree | 087e24ecd8594f8156f6ffd4ef26818ad072111d /src/libstrongswan/plugins/gmp | |
| parent | e10cfecc81ec1fe0c2be4ad958467de77b3f7bb7 (diff) | |
| download | vyos-strongswan-5de6fd137e48151e58954f6c0b8866d258fff14b.tar.gz vyos-strongswan-5de6fd137e48151e58954f6c0b8866d258fff14b.zip | |
Reject RSASSA-PSS params with negative salt length
The `salt_len` member in the struct is of type `ssize_t` because we use
negative values for special automatic salt lengths when generating
signatures.
Not checking this could lead to an integer overflow. The value is assigned
to the `len` field of a chunk (`size_t`), which is further used in
calculations to check the padding structure and (if that is passed by a
matching crafted signature value) eventually a memcpy() that will result
in a segmentation fault.
Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params")
Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification")
Fixes: CVE-2021-41990
Signed-off-by: Daniil Baturin <daniil@baturin.org>
Diffstat (limited to 'src/libstrongswan/plugins/gmp')
| -rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index f9bd1d314..3a7750908 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -168,7 +168,7 @@ static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this, int i; bool success = FALSE; - if (!params) + if (!params || params->salt_len < 0) { return FALSE; } |