From: Eric Biggers <ebiggers@xxxxxxxxxx>
commit a24611ea356c7f3f0ec926da11b9482ac1f414fd upstream.
Before checking whether the expected digest_info is present, we need to
check that there are enough bytes remaining.
Fixes: a49de377e051 ("crypto: Add hash param to pkcs1pad")
Cc: <stable@xxxxxxxxxxxxxxx> # v4.6+
Cc: Tadeusz Struk <tadeusz.struk@xxxxxxxxxx>
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
crypto/rsa-pkcs1pad.c | 2 ++
1 file changed, 2 insertions(+)
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -476,6 +476,8 @@ static int pkcs1pad_verify_complete(stru
pos++;
if (digest_info) {
+ if (digest_info->size > dst_len - pos)
+ goto done;
if (crypto_memneq(out_buf + pos, digest_info->data,
digest_info->size))
goto done;
Patches currently in stable-queue which might be from ebiggers@xxxxxxxxxx are
queue-5.17/keys-asymmetric-enforce-that-sig-algo-matches-key-algo.patch
queue-5.17/crypto-rsa-pkcs1pad-correctly-get-hash-from-source-scatterlist.patch
queue-5.17/crypto-rsa-pkcs1pad-fix-buffer-overread-in-pkcs1pad_verify_complete.patch
queue-5.17/crypto-rsa-pkcs1pad-only-allow-with-rsa.patch
queue-5.17/crypto-rsa-pkcs1pad-restore-signature-length-check.patch
queue-5.17/keys-fix-length-validation-in-keyctl_pkey_params_get_2.patch
queue-5.17/keys-asymmetric-properly-validate-hash_algo-and-encoding.patch
