diff options
author | Warner Losh <imp@FreeBSD.org> | 1999-11-16 07:21:36 +0000 |
---|---|---|
committer | Warner Losh <imp@FreeBSD.org> | 1999-11-16 07:21:36 +0000 |
commit | 272f7058db9270869ca62b912a1cd26c8700dc5b (patch) | |
tree | 89c9f720807a1a637fe23cdca2703869e9845841 /security/ssh/files/patch-ax | |
parent | Update to 0.9.50 (diff) |
Don't overflow rsa bits. As seen on bugtraq and elsewhere.
Submitted by: drow@false.org
Reviewed by: ache
PR: 14749
Notes
Notes:
svn path=/head/; revision=23147
Diffstat (limited to '')
-rw-r--r-- | security/ssh/files/patch-ax | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/security/ssh/files/patch-ax b/security/ssh/files/patch-ax new file mode 100644 index 000000000000..c4a114fc306e --- /dev/null +++ b/security/ssh/files/patch-ax @@ -0,0 +1,25 @@ +--- rsaglue.c.orig Tue Nov 9 11:12:32 1999 ++++ rsaglue.c Tue Nov 9 11:17:58 1999 +@@ -139,6 +139,10 @@ + + input_bits = mpz_sizeinbase(input, 2); + input_len = (input_bits + 7) / 8; ++ if(input_bits > MAX_RSA_MODULUS_BITS) ++ fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).", ++ input_bits, MAX_RSA_MODULUS_BITS); ++ + gmp_to_rsaref(input_data, input_len, input); + + rsaref_public_key(&public_key, key); +@@ -172,6 +176,10 @@ + + input_bits = mpz_sizeinbase(input, 2); + input_len = (input_bits + 7) / 8; ++ if(input_bits > MAX_RSA_MODULUS_BITS) ++ fatal("Received session key too long (%d bits, %d max) (malicious?).", ++ input_bits, MAX_RSA_MODULUS_BITS); ++ + gmp_to_rsaref(input_data, input_len, input); + + rsaref_private_key(&private_key, key); + |