diff options
author | Jeffrey Walton <noloader@gmail.com> | 2020-12-02 16:40:25 -0500 |
---|---|---|
committer | Jeffrey Walton <noloader@gmail.com> | 2020-12-02 16:40:25 -0500 |
commit | 301c169f9afb364b93011f9870aa4202bd407ae5 (patch) | |
tree | 1d71d460cf5280de153250d820cfecead77b9986 | |
parent | aa4cf301b4e5db9e414ba00a27779f5910c42a9e (diff) | |
download | cryptopp-git-301c169f9afb364b93011f9870aa4202bd407ae5.tar.gz |
Add some signature length validation to DL_VerifierBase
Based on testing during GH #981 we found an undersized buffer caused an out-of-bounds read.
-rw-r--r-- | pubkey.h | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -1714,14 +1714,21 @@ public: void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
{
- CRYPTOPP_UNUSED(signature); CRYPTOPP_UNUSED(signatureLength);
PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
const DL_ElgamalLikeSignatureAlgorithm<T> &alg = this->GetSignatureAlgorithm();
const DL_GroupParameters<T> ¶ms = this->GetAbstractGroupParameters();
+ // Validation due to https://github.com/weidai11/cryptopp/issues/981
+ // We allow a caller to provide R and S in oversized buffer. R and S are
+ // read based on the field element size, and not the buffer size.
const size_t rLen = alg.RLen(params);
+ const size_t sLen = alg.SLen(params);
+ CRYPTOPP_ASSERT(signatureLength >= rLen + sLen);
+ if (signatureLength < rLen + sLen)
+ throw InvalidDataFormat("DL_VerifierBase: signature length is not valid.");
+
ma.m_semisignature.Assign(signature, rLen);
- ma.m_s.Decode(signature+rLen, alg.SLen(params));
+ ma.m_s.Decode(signature+rLen, sLen);
this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.size());
}
|