diff -Naur libtomcrypt-1.17.old/src/pk/rsa/rsa_verify_hash.c libtomcrypt-1.17/src/pk/rsa/rsa_verify_hash.c
--- libtomcrypt-1.17.old/src/pk/rsa/rsa_verify_hash.c 2017-06-25 22:53:28.345381447 +0200
+++ libtomcrypt-1.17/src/pk/rsa/rsa_verify_hash.c 2017-06-25 22:53:33.766484337 +0200
@@ -96,7 +96,7 @@
} else {
/* LTC_PKCS #1 v1.5 decode it */
unsigned char *out;
- unsigned long outlen, loid[16];
+ unsigned long outlen, loid[16], reallen;
int decoded;
ltc_asn1_list digestinfo[2], siginfo[2];
@@ -138,8 +138,14 @@
goto bail_2;
}
+ if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
+ XFREE(out);
+ goto bail_2;
+ }
+
/* test OID */
- if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+ if ((reallen == outlen) &&
+ (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
(XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
(siginfo[1].size == hashlen) &&
(XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
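Review bot: The new `reallen == outlen` term is the security-relevant part of this condition, but nothing in the hunk says why it is there; a reader will not see that it rejects a DigestInfo followed by trailing bytes inside the padded block, which is what the earlier check silently accepted. I would add a comment above the condition, `/* the decoded DigestInfo must span the whole PKCS#1 v1.5 payload: trailing bytes after it mean the block was not produced by a valid signing operation */`. Note also that the check compares the re-encoded length of the decoded lists with outlen, so it only detects trailing data as long as the decoder accepts minimal DER lengths only; if der_decode_sequence tolerates non-minimal length encodings the two lengths could differ for a byte-identical content, which is worth confirming in the decoder rather than here. The `if` opened on the last line, and the enclosing function, continue outside the hunk.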