From 765133acf215c25c5804d3ab9a48f2398a640456 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 29 May 2020 14:11:13 -0700
Subject: [PATCH] RSA OOB Read Added a check of the length of the RSA signature
 before verifying it. The signature's length needs to be at least 2 bytes as
 the wolfCrypt padding check assumes it is at least 2 bytes long. (ZD10358)

---
 src/internal.c     | 9 +++++++++
 wolfssh/error.h    | 3 ++-
 wolfssh/internal.h | 1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 8eef403..8db2728 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -284,6 +284,9 @@ const char* GetErrorString(int err)
         case WS_DH_SIZE_E:
             return "DH prime group size larger than expected";
 
+        case WS_PUBKEY_SIG_MIN_E:
+            return "pubkey signature too small";
+
         default:
             return "Unknown error code";
     }
@@ -2843,8 +2846,14 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
             if (ret == WS_SUCCESS) {
                 if (sigKeyBlock.useRsa) {
                     sig = sig + begin;
+                    /* In the fuzz, sigSz ends up 1 and it has issues. */
                     sigSz = scratch;
 
+                    if (sigSz < MIN_RSA_SIG_SZ) {
+                        WLOG(WS_LOG_DEBUG, "Provided signature is too small.");
+                        ret = WS_RSA_E;
+                    }
+
                     if (sigSz + begin + tmpIdx > len) {
                         WLOG(WS_LOG_DEBUG,
                                 "Signature size found would result in error 2");
diff --git a/wolfssh/error.h b/wolfssh/error.h
index bbbb7d7..df16f5b 100644
--- a/wolfssh/error.h
+++ b/wolfssh/error.h
@@ -113,8 +113,9 @@ enum WS_ErrorCodes {
     WS_WINDOW_FULL          = -1073,
     WS_MISSING_CALLBACK     = -1074, /* Callback is missing */
     WS_DH_SIZE_E            = -1075, /* DH prime larger than expected */
+    WS_PUBKEY_SIG_MIN_E     = -1076, /* Signature too small */
 
-    WS_LAST_E               = -1075  /* Update this to indicate last error */
+    WS_LAST_E               = -1076  /* Update this to indicate last error */
 };
 
 
diff --git a/wolfssh/internal.h b/wolfssh/internal.h
index e23080b..9e82e63 100644
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@@ -112,6 +112,7 @@ enum {
 #define MAX_INTEGRITY 2
 #define MAX_KEY_EXCHANGE 2
 #define MAX_PUBLIC_KEY 1
+#define MIN_RSA_SIG_SZ 2
 #define MAX_HMAC_SZ WC_SHA256_DIGEST_SIZE
 #define MIN_BLOCK_SZ 8
 #define COOKIE_SZ 16