From a5863770535658d7ead0489ee07fe2795f25f2b7 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Wed, 7 Jun 2023 09:28:46 +0100 Subject: [PATCH] pubkey.c (meth__pss_encode): Fix the buffer allocation. The code overestimated the buffer length by one bit, which would be fine except that it then uses the buffer estimate to validate the requested salt length, which permits an overly large salt when NBITS == 1 (mod 8). The underlying logic doesn't get this wrong, and returns a null pointer as a rejection, which causes a later segfault. Fix and add tests. --- pubkey.c | 2 +- t/t-pubkey.py | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pubkey.c b/pubkey.c index 0abb011..94cb7f3 100644 --- a/pubkey.c +++ b/pubkey.c @@ -1099,7 +1099,7 @@ static PyObject *meth__pss_encode(PyObject *me, convszt, &p.ssz, convgrand, &p.r)) goto end; - sz = (nbits + 7)/8; + sz = (nbits + 6)/8; if (p.ssz == (size_t)-1) p.ssz = p.ch->hashsz; if (p.ch->hashsz + p.ssz + 2 > sz) VALERR("buffer underflow"); b = xmalloc(sz); diff --git a/t/t-pubkey.py b/t/t-pubkey.py index 5b930b0..cfbcbbe 100644 --- a/t/t-pubkey.py +++ b/t/t-pubkey.py @@ -133,6 +133,15 @@ class TestRSA (U.TestCase): me.assertTrue(A.verify(h, sig, pad)) me.assertFalse(A.verify(hh, sig, pad)) + pss = C.PSS(saltsz = 106) + pss_big = C.PSS(saltsz = 107) + mr = C.ByteString.zero(20) + for n in T.range(1018, 1026): + me.assertRaises(ValueError, pss_big.encode, mr, n) + me.assertEqual(pss.decode(mr, pss.encode(mr, n), n), None) + n = 1026 + me.assertEqual(pss_big.decode(mr, pss_big.encode(mr, n), n), None) + ###-------------------------------------------------------------------------- class TestXDH (U.TestCase): -- 2.11.0