aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2014-05-19 23:25:38 +0300
committerSteve Kondik <shade@chemlab.org>2014-06-12 14:08:47 -0700
commitd0af3a719cfc0827fb2be79ebf7bc9649bbbb526 (patch)
tree847a1077d76aa2fa95f377cfa916caee12054343
parent1b6a5e9e2b8d6df6788090dc9ac8a693938d97aa (diff)
downloadandroid_external_wpa_supplicant_8-d0af3a719cfc0827fb2be79ebf7bc9649bbbb526.tar.gz
android_external_wpa_supplicant_8-d0af3a719cfc0827fb2be79ebf7bc9649bbbb526.tar.bz2
android_external_wpa_supplicant_8-d0af3a719cfc0827fb2be79ebf7bc9649bbbb526.zip
X.509: Fix internal TLS/X.509 validation of PKCS#1 signature
Verify that there is no extra data after the hash field. This is needed to avoid potential attacks using additional data to construct a value that passes the RSA operation and allows the hash value to be forged. CRs-Fixed: 654804 Change-Id: Iee0a8de08fd0f7d66b3bfd0c4396637d9b70e92f Git-commit: 9c29d48725fd40a82407a89f193cf009aeef9745 Git-repo : git://w1.fi/srv/git/hostap.git Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat
-rw-r--r--src/tls/x509v3.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 06540bff..9b498292 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1781,6 +1781,15 @@ skip_digest_oid:
return -1;
}
+ if (hdr.payload + hdr.length < data + data_len) {
+ wpa_hexdump(MSG_INFO,
+ "X509: Extra data after certificate signature hash",
+ hdr.payload + hdr.length,
+ data + data_len - hdr.payload - hdr.length);
+ os_free(data);
+ return -1;
+ }
+
os_free(data);
wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-08 21:17:32 +0000