Bugzilla Bug 330114: corrected the checks for the PKCS #1 v1.5 padding

string and the length of the data (hash). r=nelsonb,relyea.
2024-10-11 04:15:43 +00:00 · 2006-04-13 22:12:17 +00:00 · 2006-04-13 22:12:17 +00:00 · b95ecf558f
commit b95ecf558f
parent 70733b42ec
1 changed files with 10 additions and 4 deletions
--- a/security/nss/lib/softoken/rsawrapr.c
+++ b/security/nss/lib/softoken/rsawrapr.c
@ -37,7 +37,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: rsawrapr.c,v 1.8 2005/04/04 09:27:42 julien.pierre.bugs%sun.com Exp $ */
+/* $Id: rsawrapr.c,v 1.9 2006/04/13 22:12:17 wtchang%redhat.com Exp $ */

 #include "blapi.h"
 #include "softoken.h"
@ -489,7 +489,13 @@ RSA_CheckSign(NSSLOWKEYPublicKey *key,
    modulus_len = nsslowkey_PublicModulusLen(key);
    if (sign_len != modulus_len) 
    	goto failure;
-    if (hash_len > modulus_len - 8) 
+    /*
+     * 0x00 || BT || Pad || 0x00 || ActualData
+     *
+     * The "3" below is the first octet + the second octet + the 0x00
+     * octet that always comes just before the ActualData.
+     */
+    if (hash_len > modulus_len - (3 + RSA_BLOCK_MIN_PAD_LEN)) 
    	goto failure;
    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
    if (key->keyType != NSSLOWKEYRSAKey)
@ -509,11 +515,11 @@ RSA_CheckSign(NSSLOWKEYPublicKey *key,
    if (buffer[0] != 0 || buffer[1] != 1) 
    	goto loser;
    for (i = 2; i < modulus_len - hash_len - 1; i++) {
-	if (buffer[i] == 0) 
-	    break;
 	if (buffer[i] != 0xff) 
 	    goto loser;
    }
+    if (buffer[i] != 0) 
+	goto loser;

    /*
     * make sure we get the same results