[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/2] pki: NULL check pki_signature_from_rsa_blob result


Check for a potential NULL result from `pki_signature_from_rsa_blob`
in `pki_signature_from_blob`.  Otherwise the following `sig->type_c`
will result in a segfault.

Introduced in 7f83a1efae6a7da19e18268d6298fc11b4e68c57.

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 src/pki_crypto.c     | 3 +++
 src/pki_mbedcrypto.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index f37dc093..40ffedfe 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1681,6 +1681,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
+            if (sig == NULL) {
+                return NULL;
+            }
             sig->type_c = ssh_key_signature_to_char(type, hash_type);
             break;
         case SSH_KEYTYPE_ECDSA:
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index ccce014c..57a4ffae 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -917,6 +917,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     switch(type) {
         case SSH_KEYTYPE_RSA:
             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
+            if (sig == NULL) {
+                return NULL;
+            }
             sig->type_c = ssh_key_signature_to_char(type, hash_type);
             break;
         case SSH_KEYTYPE_ECDSA: {
-- 
2.19.1.593.gc670b1f


References:
[PATCH 0/2] pki: fix one segfault and some memory leaksJon Simons <jon@xxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org