mirror of https://github.com/wolfSSL/wolfssh.git
RSA OOB Read
Added a check of the length of the RSA signature before verifying it. The signature's length needs to be at least 2 bytes as the wolfCrypt padding check assumes it is at least 2 bytes long. (ZD10358)pull/261/head
parent
9ae1ad1e08
commit
765133acf2
|
@ -284,6 +284,9 @@ const char* GetErrorString(int err)
|
|||
case WS_DH_SIZE_E:
|
||||
return "DH prime group size larger than expected";
|
||||
|
||||
case WS_PUBKEY_SIG_MIN_E:
|
||||
return "pubkey signature too small";
|
||||
|
||||
default:
|
||||
return "Unknown error code";
|
||||
}
|
||||
|
@ -2843,8 +2846,14 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
|
|||
if (ret == WS_SUCCESS) {
|
||||
if (sigKeyBlock.useRsa) {
|
||||
sig = sig + begin;
|
||||
/* In the fuzz, sigSz ends up 1 and it has issues. */
|
||||
sigSz = scratch;
|
||||
|
||||
if (sigSz < MIN_RSA_SIG_SZ) {
|
||||
WLOG(WS_LOG_DEBUG, "Provided signature is too small.");
|
||||
ret = WS_RSA_E;
|
||||
}
|
||||
|
||||
if (sigSz + begin + tmpIdx > len) {
|
||||
WLOG(WS_LOG_DEBUG,
|
||||
"Signature size found would result in error 2");
|
||||
|
|
|
@ -113,8 +113,9 @@ enum WS_ErrorCodes {
|
|||
WS_WINDOW_FULL = -1073,
|
||||
WS_MISSING_CALLBACK = -1074, /* Callback is missing */
|
||||
WS_DH_SIZE_E = -1075, /* DH prime larger than expected */
|
||||
WS_PUBKEY_SIG_MIN_E = -1076, /* Signature too small */
|
||||
|
||||
WS_LAST_E = -1075 /* Update this to indicate last error */
|
||||
WS_LAST_E = -1076 /* Update this to indicate last error */
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -112,6 +112,7 @@ enum {
|
|||
#define MAX_INTEGRITY 2
|
||||
#define MAX_KEY_EXCHANGE 2
|
||||
#define MAX_PUBLIC_KEY 1
|
||||
#define MIN_RSA_SIG_SZ 2
|
||||
#define MAX_HMAC_SZ WC_SHA256_DIGEST_SIZE
|
||||
#define MIN_BLOCK_SZ 8
|
||||
#define COOKIE_SZ 16
|
||||
|
|
Loading…
Reference in New Issue