Sophie

Sophie

distrib > Mandriva > current > i586 > media > contrib-release-src > by-pkgid > 7ac4fa1ea5226ba0c0c9a527c7b4a484 > files > 13

uClibc-openssl-0.9.7g-4mdv2007.1.src.rpm


http://www.openssl.org/news/secadv_20060905.txt

(This patch was updated Tue Sep  5 15:54:30 UTC 2006 to also work
against 0.9.6)

(This patch was updated Wed Sep 6 08:37:55 UTC 2006 to remove the
changes to rsa_eay.c/rsa.h/rsa_err.c which were not necessary to
correct this vulnerability)

Index: crypto/rsa/rsa_sign.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_sign.c,v
retrieving revision 1.21
diff -u -r1.21 rsa_sign.c
--- crypto/rsa/rsa_sign.c	26 Apr 2005 22:07:17 -0000	1.21
+++ crypto/rsa/rsa_sign.c	4 Sep 2006 15:16:57 -0000
@@ -185,6 +185,23 @@
 		sig=d2i_X509_SIG(NULL,&p,(long)i);

 		if (sig == NULL) goto err;
+
+		/* Excess data can be used to create forgeries */
+		if(p != s+i)
+			{
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+
+		/* Parameters to the signature algorithm can also be used to
+		   create forgeries */
+		if(sig->algor->parameter
+		   && sig->algor->parameter->type != V_ASN1_NULL)
+			{
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+
 		sigtype=OBJ_obj2nid(sig->algor->algorithm);

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional