You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

38 lines
1.5 KiB

  1. From 129ab919a8c3abfc17bea776f0774e0ccf33ca09 Mon Sep 17 00:00:00 2001
  2. From: Tobias Brunner <tobias@strongswan.org>
  3. Date: Tue, 25 Sep 2018 14:50:08 +0200
  4. Subject: [PATCH] gmp: Fix buffer overflow with very small RSA keys
  5. Because `keylen` is unsigned the subtraction results in an integer
  6. underflow if the key length is < 11 bytes.
  7. This is only a problem when verifying signatures with a public key (for
  8. private keys the plugin enforces a minimum modulus length) and to do so
  9. we usually only use trusted keys. However, the x509 plugin actually
  10. calls issued_by() on a parsed certificate to check if it is self-signed,
  11. which is the reason this issue was found by OSS-Fuzz in the first place.
  12. So, unfortunately, this can be triggered by sending an invalid client
  13. cert to a peer.
  14. Fixes: 5955db5b124a ("gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them")
  15. Fixes: CVE-2018-17540
  16. ---
  17. src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 2 +-
  18. 1 file changed, 1 insertion(+), 1 deletion(-)
  19. diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
  20. index e9a83fdf49a1..a255a40abce2 100644
  21. --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
  22. +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
  23. @@ -301,7 +301,7 @@ bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
  24. data = digestInfo;
  25. }
  26. - if (data.len > keylen - 11)
  27. + if (keylen < 11 || data.len > keylen - 11)
  28. {
  29. chunk_free(&digestInfo);
  30. DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of "
  31. --
  32. 2.7.4