fix buffer overflow in RSA{Public,Private}Decrypt. from CORE SDI.

1 files changed, 42 insertions, 0 deletions

diff --git a/security/rsaref/files/patch-ac b/security/rsaref/files/patch-ac
new file mode 100644
index 00000000000..3f442a44ab9
--- /dev/null
+++ b/security/rsaref/files/patch-ac
@@ -0,0 +1,42 @@
+--- rsa.c.orig	Fri Mar 25 14:01:48 1994
++++ rsa.c	Wed Dec  1 23:01:22 1999
+@@ -33,6 +33,9 @@
+   unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen;
+   
++  if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
++    return (RE_LEN);
++
+   modulusLen = (publicKey->bits + 7) / 8;
+   if (inputLen + 11 > modulusLen)
+     return (RE_LEN);
+@@ -78,6 +81,9 @@
+   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen, pkcsBlockLen;
+   
++  if (inputLen > MAX_RSA_MODULUS_LEN)
++    return (RE_LEN);
++
+   modulusLen = (publicKey->bits + 7) / 8;
+   if (inputLen > modulusLen)
+     return (RE_LEN);
+@@ -129,6 +135,9 @@
+   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen;
+   
++  if (inputLen + 3 > MAX_RSA_MODULUS_LEN)
++    return (RE_LEN);
++
+   modulusLen = (privateKey->bits + 7) / 8;
+   if (inputLen + 11 > modulusLen)
+     return (RE_LEN);
+@@ -168,6 +177,9 @@
+   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+   unsigned int i, modulusLen, pkcsBlockLen;
+   
++  if (inputLen > MAX_RSA_MODULUS_LEN)
++    return (RE_LEN);
++
+   modulusLen = (privateKey->bits + 7) / 8;
+   if (inputLen > modulusLen)
+     return (RE_LEN);