summaryrefslogtreecommitdiff
path: root/testing
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2021-09-28 17:52:08 +0200
committerDaniil Baturin <daniil@baturin.org>2021-11-24 08:06:15 +0700
commitd99fe15d9e86c5a4c7546b58f94c9caed68b3953 (patch)
treefd30b0100b45c88949ee8162dacdf9b7295794f4 /testing
parentf71d48f38f637a3741d63539cbc59fe094fb62f8 (diff)
downloadvyos-strongswan-d99fe15d9e86c5a4c7546b58f94c9caed68b3953.tar.gz
vyos-strongswan-d99fe15d9e86c5a4c7546b58f94c9caed68b3953.zip
Reject RSASSA-PSS params with negative salt lengthHEADcurrent
The `salt_len` member in the struct is of type `ssize_t` because we use negative values for special automatic salt lengths when generating signatures. Not checking this could lead to an integer overflow. The value is assigned to the `len` field of a chunk (`size_t`), which is further used in calculations to check the padding structure and (if that is passed by a matching crafted signature value) eventually a memcpy() that will result in a segmentation fault. Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params") Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification") Fixes: CVE-2021-41990 Signed-off-by: Daniil Baturin <daniil@baturin.org>
Diffstat (limited to 'testing')
0 files changed, 0 insertions, 0 deletions