head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.1.0.54 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.52 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.50 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.48 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.46 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.44 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.42 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.40 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.38 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.36 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.34 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.32 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.30 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.28 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.26 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.24 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.22 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.20 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.18 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.16 pkgsrc-2008Q1:1.1.0.14 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.12 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.10 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.8 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.6 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.4 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.2 pkgsrc-2006Q3-base:1.1; locks; strict; comment @# @; 1.2 date 2012.12.12.22.04.50; author gendalia; state dead; branches; next 1.1; 1.1 date 2006.09.22.13.58.46; author kivinen; state Exp; branches; next ; desc @@ 1.2 log @"Hygiene demands it." Sources are from 2003, current tectia client/server has vulnerabilities, there are no security eyes on this version. 
@ text @$NetBSD: patch-bg,v 1.1 2006/09/22 13:58:46 kivinen Exp $ --- lib/sshcrypto/sshpk/sshrgf.c.orig 2003-12-03 15:17:33.000000000 +0200 +++ lib/sshcrypto/sshpk/sshrgf.c @@@@ -412,6 +412,7 @@@@ rgf_pkcs1_verify(Boolean do_unpad, unsigned char *digest; size_t digest_len, return_len; Boolean rv; + int ps_len, digestinfo_len; if (hash->context == NULL) return SSH_RGF_OP_FAILED; @@@@ -419,6 +420,9 @@@@ rgf_pkcs1_verify(Boolean do_unpad, *output_msg = NULL; *output_msg_len = 0; + ps_len = 0; + digestinfo_len = 0; + /* Decode the msg. */ if ((ber_buf = ssh_malloc(max_output_msg_len)) == NULL) return SSH_RGF_OP_FAILED; @@@@ -457,8 +461,25 @@@@ rgf_pkcs1_verify(Boolean do_unpad, (*hash->def->rgf_hash_finalize)(hash, digest); hash_oid = (*hash->def->rgf_hash_asn1_oid)(hash); + /* size of 'ff' padding */ + for(ps_len = 0; decrypted_signature[ps_len+2] == 255; ps_len++) + ; + + /* size of encoded digestinfo from the signature */ + switch(decrypted_signature[ps_len+4]){ + case 0x20: + digestinfo_len = 18; + break; + case 0x21: + digestinfo_len = 15; + break; + default : + digestinfo_len = 19; + } + /* Compare. */ - if (hash_oid == NULL || digest_len != return_len) + if (hash_oid == NULL || digest_len != return_len || + digestinfo_len + digest_len + 3 + ps_len != decrypted_signature_len) { ssh_free(oid); ssh_free(temp_buf); @ 1.1 log @ Fixed RSA e=3 bug (most likely nobody uses e=3 rsa keys on ssh anyways, but better to make sure). Fixed some more ssh_*_{en,de}code calls missing necessary casts. Disabled x11-security extension on x86_64 as it does not work there (uses xauth instead). Updated pkgrevision. @ text @d1 1 a1 1 $NetBSD$ @
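Review bot: `int ps_len, digestinfo_len;` are later added to `digest_len`, which this hunk's context declares as `size_t`, and compared with `decrypted_signature_len` in the third hunk, so the length check mixes signed and unsigned operands. Declaring them as `size_t ps_len, digestinfo_len;` keeps the whole expression in one type and matches the neighbouring length variables. The type of `decrypted_signature_len` is declared outside the visible lines, so confirm it is `size_t` as well.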
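Review bot: The padding scan `for(ps_len = 0; decrypted_signature[ps_len+2] == 255; ps_len++)` in the third hunk has no upper bound, so a decrypted block that is 0xff from offset 2 to its end carries the loop, and then the `decrypted_signature[ps_len+4]` read in the switch, past the buffer. Both reads can be bounded by the length the final comparison already uses: add `ps_len + 2 < decrypted_signature_len &&` to the loop condition and treat `ps_len + 4 >= decrypted_signature_len` as a verification failure before the switch. The DigestInfo size (18, 15, or 19 by default) is also selected by a byte taken from the signature under verification; choosing it from the hash the verifier expects would be stricter, though how `hash_oid` maps to an encoding is not visible here. rgf_pkcs1_verify begins before this hunk and the failure branch continues after it, so whether the leading bytes and the zero separator after the padding are checked elsewhere cannot be confirmed from these lines.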