[PATCH 0/4] rsa.c: Fixes for key length processing

Ian Jackson ijackson at chiark.greenend.org.uk
Mon Jul 22 00:19:37 BST 2013

Mark prepared this series and passed me the git URL.  I'm posting it
here for form's sake.  I am integrating it into my enormous pending

 1/4 rsa.c: Fix incorrect commentary.
 2/4 rsa.c: Factor out constructing the EMSA-PKCS1 message representative.
 3/4 rsa.c: Replace the magic length 1024 with a (larger) constant.
 4/4 rsa.c: Check public key length.

4/4 is a fix for what is a security issue.  An insider attacker can
configure a stupidly large RSA public key (via the sites file, either
manually updated or via a userv invocation).  secnet will then
overflow its buffer.  In order to make it more than a denial of
service attack, the attacker has to arrange for the MD5 hash of a
message being verified contain their shellcode (or a jump to it).

More information about the sgo-software-discuss mailing list