Commit b35e286a640f31d619a637332972498b51f3fd90 introduced the bug. When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do not match, hash comparison is not done and digsig_verify_rsa() returns no error. This is a bug and this patch fixes it.
Cc: [email protected] Signed-off-by: Dmitry Kasatkin <[email protected]> --- lib/digsig.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/digsig.c b/lib/digsig.c index 286d558..77b1848 100644 --- a/lib/digsig.c +++ b/lib/digsig.c @@ -164,8 +164,12 @@ static int digsig_verify_rsa(struct key *key, err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); - if (!err && len == hlen) - err = memcmp(out2, h, hlen); + if (err || len != hlen) { + err = -EINVAL; + goto err; + } + + err = memcmp(out2, h, hlen); err: mpi_free(in); -- 1.7.9.5
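
Review bot: the final `err = memcmp(out2, h, hlen);` in digsig_verify_rsa() still passes the raw memcmp() result out through `err`, and on a hash mismatch that value can be positive rather than a negative errno. If any caller treats only `err < 0` as failure, a mismatching hash would be accepted, so consider mapping a non-zero result to a negative errno, in line with the -EINVAL used in the new length check. In the new `if (err || len != hlen)` branch the error code returned by pkcs_1_v1_5_decode_emsa() is overwritten with -EINVAL; if that is intentional, a short comment saying so would help. As a style point, `goto err;` jumps to a label with the same name as the variable it follows, which is legal C but easy to misread.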
