5a5b0c3845f0fc03bb2514d5e69823a39f92a6f8
1 From 9c29d48725fd40a82407a89f193cf009aeef9745 Mon Sep 17 00:00:00 2001
2 From: Jouni Malinen <jouni@qca.qualcomm.com>
3 Date: Mon, 19 May 2014 23:25:38 +0300
4 Subject: [PATCH] X.509: Fix internal TLS/X.509 validation of PKCS#1
5 signature
6
7 Verify that there is no extra data after the hash field. This is needed
8 to avoid potential attacks using additional data to construct a value
9 that passes the RSA operation and allows the hash value to be forged.
10
11 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
12 ---
13 src/tls/x509v3.c | 9 +++++++++
14 1 file changed, 9 insertions(+)
15
16 diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
17 index a9483cb7fc2f..751a268e1caf 100644
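--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1783,6 +1783,15 @@ skip_digest_oid:
 return -1;
 }
 
+ if (hdr.payload + hdr.length < data + data_len) {
+ wpa_hexdump(MSG_INFO,
+ "X509: Extra data after certificate signature hash",
+ hdr.payload + hdr.length,
+ data + data_len - hdr.payload - hdr.length);
+ os_free(data);
+ return -1;
+ }
+
 os_free(data);
 
 wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "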
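Review bot: The new check ahead of `os_free(data)` rejects bytes that follow the hash OCTET STRING but carries no comment saying why, and that reason is easy to lose in a later refactor; I would add `/* Reject trailing data after the hash: a PKCS#1 v1.5 verifier that tolerates it can be made to accept a forged signature */` above the `if`. The comparison uses `<`, so it relies on the earlier ASN.1 parsing (outside this hunk) to have already refused an `hdr.length` that runs past `data + data_len`; if that is guaranteed, `!=` would state the invariant more directly. The hunk shows only the tail of the verification block, so whether the enclosing SEQUENCE and the digest algorithm identifier are held to the same no-slack rule cannot be confirmed from here and is worth checking.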
36 --
37 2.0.0.rc2
38