diff options
| author | Jon Simons <jon@jonsimons.org> | 2014-01-21 23:36:08 -0800 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2014-01-23 11:17:45 +0100 |
| commit | 18506f697c5928c519dd98f69e47ff77aec79f36 (patch) | |
| tree | 7e3a944f660986164048308c2b7525cf14873423 /src/threads.c | |
| parent | 15bede0c0e03b4065fc8a156f11f1d1d87f0e7e8 (diff) | |
pki_crypto: fix DSA signature extraction
Fix the DSA portion of 'pki_signature_to_blob': before this change, it
is possible to sometimes observe DSA signature validation failure when
testing with OpenSSH clients. The problem ended up being the following
snippet which did not account for the case when 'ssh_string_len(x)' may
be less than 20:
r = make_bignum_string(sig->dsa_sig->r);
...
memcpy(buffer,
((char *) ssh_string_data(r)) + ssh_string_len(r) - 20,
20);
Above consider the case that ssh_string_len(r) is 19; in that case the
memcpy unintentionally starts in the wrong place. The same situation
can happen for value 's' in this code.
To fix, adjust the offsets used for the input and output pointers, taking
into account that the lengths of 'r' and 's' can be less than 20. With
the fix I am no longer able to reproduce the original failure mode.
BUG: https://red.libssh.org/issues/144
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/threads.c')
0 files changed, 0 insertions, 0 deletions