$NetBSD: patch-am,v 1.3 2006/09/07 09:44:31 adrianp Exp $ --- crypto/rsa/rsa_sign.c.orig 2004-12-05 01:04:42.000000000 +0000 +++ crypto/rsa/rsa_sign.c @@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; + + /* Excess data can be used to create forgeries */ + if(p != s+i) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Parameters to the signature algorithm can also be used to + create forgeries */ + if(sig->algor->parameter + && sig->algor->parameter->type != V_ASN1_NULL) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + sigtype=OBJ_obj2nid(sig->algor->algorithm);