From b003ab898b851ee150b744f45ce2f36f7375fab3 Mon Sep 17 00:00:00 2001
From: brad <>
Date: Sat, 9 Sep 2006 01:23:17 +0000
Subject: MFC: Fix by djm@

fix RSA signature padding vulnerability in OpenSSL libcrypto CVE-2006-4339
---
 src/lib/libssl/src/crypto/rsa/rsa_sign.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'src/lib/libssl')

diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index cee09eccb1..db86f1ac58 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		sig=d2i_X509_SIG(NULL,&p,(long)i);
 
 		if (sig == NULL) goto err;
+
+		/* Excess data can be used to create forgeries */
+		if(p != s+i)
+			{
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+
+		/* Parameters to the signature algorithm can also be used to
+		   create forgeries */
+		if(sig->algor->parameter
+		   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
+			{
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+
 		sigtype=OBJ_obj2nid(sig->algor->algorithm);
 
 
-- 
cgit v1.2.3-55-g6feb