From e57df8ae941d88e3b57568d6d1ec14595e6e4a13 Mon Sep 17 00:00:00 2001
From: sommerfeld
Date: Tue, 14 Dec 1999 21:43:05 +0000
Subject: Revised buffer-overrun fix from CERT CA-99-15 (believed more complete than previous fix).

---
 security/rsaref/files/patch-sum  |  4 ++--
 security/rsaref/patches/patch-ah | 20 ++++++++++++--------
 2 files changed, 14 insertions(+), 10 deletions(-)

(limited to 'security/rsaref')

diff --git a/security/rsaref/files/patch-sum b/security/rsaref/files/patch-sum
index d89527bbbaa..2aa7fc862a3 100644
--- a/security/rsaref/files/patch-sum
+++ b/security/rsaref/files/patch-sum
@@ -1,4 +1,4 @@
-$NetBSD: patch-sum,v 1.2 1999/12/02 17:20:13 sommerfeld Exp $
+$NetBSD: patch-sum,v 1.3 1999/12/14 21:43:05 sommerfeld Exp $
 
 MD5 (patch-aa) = 3d1707a6b7076325f9b3686060b392b2
 MD5 (patch-ab) = f6d8972d7ea02a62d4f5ba0120d96bba
@@ -7,4 +7,4 @@ MD5 (patch-ad) = 910f5414202345b27b0e2b5673a92837
 MD5 (patch-ae) = b338ae75ce4c89fce35713215024fd7c
 MD5 (patch-af) = 88c571c7ff76b174fa5e12036794c0d4
 MD5 (patch-ag) = f060d7321eaa6899851214f095f0eda1
-MD5 (patch-ah) = 63662bfdab838e07a627758999bfa157
+MD5 (patch-ah) = 14324cc59b32666c2da60907bf89b82b
diff --git a/security/rsaref/patches/patch-ah b/security/rsaref/patches/patch-ah
index 4b074942627..e3106291593 100644
--- a/security/rsaref/patches/patch-ah
+++ b/security/rsaref/patches/patch-ah
@@ -1,7 +1,7 @@
-$NetBSD: patch-ah,v 1.2 1999/12/02 17:20:14 sommerfeld Exp $
+$NetBSD: patch-ah,v 1.3 1999/12/14 21:43:06 sommerfeld Exp $
 
 --- ../source/rsa.c.orig	Fri Mar 25 14:01:48 1994
-+++ ../source/rsa.c	Thu Dec 2 11:39:43 1999
++++ ../source/rsa.c	Tue Dec 14 16:28:19 1999
 @@ -11,10 +11,10 @@
  #include "rsa.h"
  #include "nn.h"
@@ -15,43 +15,47 @@ $NetBSD: patch-ah,v 1.2 1999/12/02 17:20:14 sommerfeld Exp $
    ((unsigned char *, unsigned int *, unsigned char *, unsigned int,
      R_RSA_PRIVATE_KEY *));
  
-@@ -33,6 +33,8 @@
+@@ -33,6 +33,9 @@
   unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen;
  
 +  if (inputLen+3>MAX_RSA_MODULUS_LEN) return (RE_LEN);
++  if (publicKey->bits > MAX_RSA_MODULUS_BITS) return (RE_LEN);
 +
   modulusLen = (publicKey->bits + 7) / 8;
   if (inputLen + 11 > modulusLen)
     return (RE_LEN);
-@@ -78,6 +80,8 @@
+@@ -78,6 +81,9 @@
   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen, pkcsBlockLen;
  
 +  if (inputLen>MAX_RSA_MODULUS_LEN) return (RE_LEN);
++  if (publicKey->bits > MAX_RSA_MODULUS_BITS) return (RE_LEN);
 +
   modulusLen = (publicKey->bits + 7) / 8;
   if (inputLen > modulusLen)
     return (RE_LEN);
-@@ -129,6 +133,8 @@
+@@ -129,6 +135,9 @@
   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen;
  
 +  if (inputLen+3>MAX_RSA_MODULUS_LEN) return (RE_LEN);
++  if (privateKey->bits > MAX_RSA_MODULUS_BITS) return (RE_LEN);
 +
   modulusLen = (privateKey->bits + 7) / 8;
   if (inputLen + 11 > modulusLen)
     return (RE_LEN);
-@@ -168,6 +174,8 @@
+@@ -168,6 +177,9 @@
   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen, pkcsBlockLen;
  
 +  if (inputLen>MAX_RSA_MODULUS_LEN) return (RE_LEN);
++  if (privateKey->bits > MAX_RSA_MODULUS_BITS) return (RE_LEN);
 +
   modulusLen = (privateKey->bits + 7) / 8;
   if (inputLen > modulusLen)
     return (RE_LEN);
-@@ -212,7 +220,7 @@
+@@ -212,7 +224,7 @@
    Assumes inputLen < length of modulus.
    Requires input < modulus.
   */
@@ -60,7 +64,7 @@ $NetBSD: patch-ah,v 1.2 1999/12/02 17:20:14 sommerfeld Exp $
   unsigned char *output;                                      /* output block */
   unsigned int *outputLen;                          /* length of output block */
   unsigned char *input;                                        /* input block */
-@@ -252,7 +260,7 @@
+@@ -252,7 +264,7 @@
    Assumes inputLen < length of modulus.
    Requires input < modulus.
   */
-- 
cgit v1.2.3
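Review bot: The added `publicKey->bits` / `privateKey->bits` guard does bound modulusLen to the pkcsBlock size, but the `inputLen+3>MAX_RSA_MODULUS_LEN` check it is placed beside in the -33 and -129 sub-hunks (the two encrypt routines) still compares in unsigned arithmetic — inputLen is the `unsigned int` fourth parameter in the prototypes above — so an inputLen within 3 of UINT_MAX wraps past that test, and the following `inputLen + 11 > modulusLen` wraps the same way, which leaves the copy into pkcsBlock unbounded for that input. Since the commit is offered as the more complete fix, the encrypt checks are better written as a subtraction, which cannot wrap and accepts exactly the lengths the later modulus test would accept anyway: `if (inputLen > MAX_RSA_MODULUS_LEN - 11) return (RE_LEN);`. The two decrypt sub-hunks (-78 and -168) compare inputLen directly and are not affected. The enclosing RSAPublicEncrypt/RSAPrivateEncrypt bodies start and end outside this hunk.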