|
 |
a98e04 |
From 56820e54392efc5dd59032f8872aaf219190ad4f Mon Sep 17 00:00:00 2001
|
|
|
a98e04 |
From: Colin Walters <walters@verbum.org>
|
|
|
a98e04 |
Date: Thu, 14 Jul 2022 14:42:19 -0400
|
|
|
a98e04 |
Subject: [PATCH] sign/ed25519: Verify signatures are minimum length
|
|
|
a98e04 |
|
|
|
a98e04 |
The ed25519 signature verification code does not
|
|
|
a98e04 |
check that the signature is a minimum/correct length.
|
|
|
a98e04 |
As a result, if the signature is too short, libsodium will end up
|
|
|
a98e04 |
reading a few bytes out of bounds.
|
|
|
a98e04 |
|
|
|
a98e04 |
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
|
|
|
a98e04 |
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>
|
|
|
a98e04 |
|
|
|
a98e04 |
Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw
|
|
|
a98e04 |
---
|
|
|
a98e04 |
src/libostree/ostree-sign-ed25519.c | 3 +++
|
|
|
a98e04 |
1 file changed, 3 insertions(+)
|
|
|
a98e04 |
|
|
|
a98e04 |
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
|
|
|
a98e04 |
index 809ffe8790..f271fd49e0 100644
|
|
|
a98e04 |
--- a/src/libostree/ostree-sign-ed25519.c
|
|
|
a98e04 |
+++ b/src/libostree/ostree-sign-ed25519.c
|
|
|
a98e04 |
@@ -209,6 +209,9 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
|
|
|
a98e04 |
g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
|
|
|
a98e04 |
g_autoptr (GBytes) signature = g_variant_get_data_as_bytes(child);
|
|
|
a98e04 |
|
|
|
a98e04 |
+ if (g_bytes_get_size (signature) != crypto_sign_BYTES)
|
|
|
a98e04 |
+ return glnx_throw (error, "Invalid signature length of %" G_GSIZE_FORMAT " bytes, expected %" G_GSIZE_FORMAT, (gsize) g_bytes_get_size (signature), (gsize) crypto_sign_BYTES);
|
|
|
a98e04 |
+
|
|
|
a98e04 |
g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
|
|
|
a98e04 |
|
|
|
a98e04 |
g_debug("Read signature %d: %s", (gint)i, g_variant_print(child, TRUE));
|