pkcs#1 v1.5 decode: fix missing check of PS length in EMSA mode

libtom · Aug 19, 2014 · d51715db728d99954219cc42b013db6e48db65c0 · d51715d
1 parent 2b3c603
commit d51715db728d99954219cc42b013db6e48db65c0
Unified Split

Showing with 10 additions and 3 deletions.

+10 −3 src/pk/pkcs1/pkcs_1_v1_5_decode.c
diff --git a/src/pk/pkcs1/pkcs_1_v1_5_decode.c b/src/pk/pkcs1/pkcs_1_v1_5_decode.c
@@ -65,9 +65,8 @@ int pkcs_1_v1_5_decode(const unsigned char *msg,
    }
    ps_len = i++ - 2;

-    if ((i >= modulus_len) || (ps_len < 8)) {
-      /* There was no octet with hexadecimal value 0x00 to separate ps from m,
-       * or the length of ps is less than 8 octets.
+    if (i >= modulus_len) {
+      /* There was no octet with hexadecimal value 0x00 to separate ps from m.
       */
      result = CRYPT_INVALID_PACKET;
      goto bail;
@@ -87,6 +86,14 @@ int pkcs_1_v1_5_decode(const unsigned char *msg,
    ps_len = i - 2;
  }

+  if (ps_len < 8)
+  {
+    /* The length of ps is less than 8 octets.
+     */
+    result = CRYPT_INVALID_PACKET;
+    goto bail;
+  }
+
  if (*outlen < (msglen - (2 + ps_len + 1))) {
    *outlen = msglen - (2 + ps_len + 1);
    result = CRYPT_BUFFER_OVERFLOW;