[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] pki_crypto: guard against NULL pubkey->rsa in signature
[Thread Prev] | [Thread Next]
- Subject: [PATCH] pki_crypto: guard against NULL pubkey->rsa in signature
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 19 Mar 2014 19:49:35 -0700
- To: libssh@xxxxxxxxxx
Hi, Attached is a patch to guard against a NULL dereference in pki_signature_from_rsa_blob. -Jon
From 1f8891b0cd99c3966096649e730949240bbf3059 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@xxxxxxxxxxxxx>
Date: Mon, 10 Feb 2014 13:07:23 -0800
Subject: [PATCH] pki_crypto: guard against NULL pubkey->rsa in signature
extraction
Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
src/pki_crypto.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index cbd2c78..ae84918 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1223,9 +1223,15 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey,
char *blob_padded_data;
ssh_string sig_blob_padded;
+ size_t rsalen = 0;
size_t len = ssh_string_len(sig_blob);
- size_t rsalen= RSA_size(pubkey->rsa);
+ if (pubkey->rsa == NULL) {
+ ssh_pki_log("Pubkey RSA field NULL");
+ goto errout;
+ }
+
+ rsalen = RSA_size(pubkey->rsa);
if (len > rsalen) {
ssh_pki_log("Signature is too big: %lu > %lu",
(unsigned long)len, (unsigned long)rsalen);
--
1.8.4.21.g992c386
Archive administrator: postmaster@lists.cynapses.org