Reject RSASSA-PSS params with negative salt length - vyos-strongswan.git - (mirror of https://github.com/vyos/vyos-strongswan.git)

diff options

author	Tobias Brunner <tobias@strongswan.org>	2021-09-28 17:52:08 +0200
committer	Daniil Baturin <daniil@baturin.org>	2021-11-24 08:06:33 +0700
commit	5de6fd137e48151e58954f6c0b8866d258fff14b (patch)
tree	087e24ecd8594f8156f6ffd4ef26818ad072111d /testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
parent	e10cfecc81ec1fe0c2be4ad958467de77b3f7bb7 (diff)
download	vyos-strongswan-5de6fd137e48151e58954f6c0b8866d258fff14b.tar.gz vyos-strongswan-5de6fd137e48151e58954f6c0b8866d258fff14b.zip

Reject RSASSA-PSS params with negative salt length

The `salt_len` member in the struct is of type `ssize_t` because we use negative values for special automatic salt lengths when generating signatures. Not checking this could lead to an integer overflow. The value is assigned to the `len` field of a chunk (`size_t`), which is further used in calculations to check the padding structure and (if that is passed by a matching crafted signature value) eventually a memcpy() that will result in a segmentation fault. Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params") Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification") Fixes: CVE-2021-41990 Signed-off-by: Daniil Baturin <daniil@baturin.org>

Diffstat (limited to 'testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: