[PATCH 0/4] rsa.c: Fixes for key length processing
Ian Jackson
ijackson at chiark.greenend.org.uk
Mon Jul 22 00:19:37 BST 2013
Mark prepared this series and passed me the git URL. I'm posting it
here for form's sake. I am integrating it into my enormous pending
series.
1/4 rsa.c: Fix incorrect commentary.
2/4 rsa.c: Factor out constructing the EMSA-PKCS1 message representative.
3/4 rsa.c: Replace the magic length 1024 with a (larger) constant.
4/4 rsa.c: Check public key length.
4/4 is a fix for what is a security issue. An insider attacker can
configure a stupidly large RSA public key (via the sites file, either
manually updated or via a userv invocation). secnet will then
overflow its buffer. In order to make it more than a denial of
service attack, the attacker has to arrange for the MD5 hash of a
message being verified contain their shellcode (or a jump to it).
More information about the sgo-software-discuss
mailing list