diff options
| author | imp <imp@FreeBSD.org> | 1999-11-16 15:21:36 +0800 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1999-11-16 15:21:36 +0800 |
| commit | 2b0fd44116e544676d94d081c593ce833ca17e14 (patch) | |
| tree | 1a2d2b1314a68a0972ba7858de1dd8aaae2c199d /security | |
| parent | 6f35fa1085a9e1637c60438ebd4baf9929b81c8a (diff) | |
| download | freebsd-ports-gnome-2b0fd44116e544676d94d081c593ce833ca17e14.tar.gz freebsd-ports-gnome-2b0fd44116e544676d94d081c593ce833ca17e14.tar.zst freebsd-ports-gnome-2b0fd44116e544676d94d081c593ce833ca17e14.zip | |
Don't overflow rsa bits. As seen on bugtraq and elsewhere.
Submitted by: drow@false.org
Reviewed by: ache
PR: 14749
Diffstat (limited to 'security')
| -rw-r--r-- | security/ssh/files/patch-ax | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/security/ssh/files/patch-ax b/security/ssh/files/patch-ax new file mode 100644 index 000000000000..c4a114fc306e --- /dev/null +++ b/security/ssh/files/patch-ax @@ -0,0 +1,25 @@ +--- rsaglue.c.orig Tue Nov 9 11:12:32 1999 ++++ rsaglue.c Tue Nov 9 11:17:58 1999 +@@ -139,6 +139,10 @@ + + input_bits = mpz_sizeinbase(input, 2); + input_len = (input_bits + 7) / 8; ++ if(input_bits > MAX_RSA_MODULUS_BITS) ++ fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).", ++ input_bits, MAX_RSA_MODULUS_BITS); ++ + gmp_to_rsaref(input_data, input_len, input); + + rsaref_public_key(&public_key, key); +@@ -172,6 +176,10 @@ + + input_bits = mpz_sizeinbase(input, 2); + input_len = (input_bits + 7) / 8; ++ if(input_bits > MAX_RSA_MODULUS_BITS) ++ fatal("Received session key too long (%d bits, %d max) (malicious?).", ++ input_bits, MAX_RSA_MODULUS_BITS); ++ + gmp_to_rsaref(input_data, input_len, input); + + rsaref_private_key(&private_key, key); + |