Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Files

Commit: a07f7ac44cacae01a70ddaee4b6440c9e8a59054

Blob Blame History Raw

From a24611ea356c7f3f0ec926da11b9482ac1f414fd Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Tue, 18 Jan 2022 16:13:05 -0800
Subject: [PATCH] crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
Git-commit: a24611ea356c7f3f0ec926da11b9482ac1f414fd
Patch-mainline: v5.18-rc1
References: bsc#1197601

Before checking whether the expected digest_info is present, we need to
check that there are enough bytes remaining.

Fixes: a49de377e051 ("crypto: Add hash param to pkcs1pad")
Cc: <stable@vger.kernel.org> # v4.6+
Cc: Tadeusz Struk <tadeusz.struk@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 crypto/rsa-pkcs1pad.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -481,6 +481,8 @@ static int pkcs1pad_verify_complete(stru
 		goto done;
 	pos++;
 
+	if (digest_info->size > dst_len - pos)
+		goto done;
 	if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
 		goto done;

kernel / kernel-source

Source Code

Files