shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-07 02:39:48 +09:00
Code Issues Packages Projects Releases Wiki Activity

Do not accept signatures not meeting size requirements

Browse Source 
Thanks to Harry Sintonen from WithSecure for pointing this out.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2022-05-10 11:39:23 +02:00
parent 41b4d50e52
commit ddd0367e9c
2 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/pki.c
View File

@@ -2460,6 +2460,7 @@ int ssh_pki_signature_verify(ssh_session session,
size_t input_len)
{
int rc;
bool allowed;
enum ssh_keytypes_e key_type;
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
@@ -2480,6 +2481,13 @@ int ssh_pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
allowed = ssh_key_size_allowed(session, key);
if (!allowed) {
ssh_set_error(session, SSH_FATAL, "The '%s' key of size %d is not "
"allowd by RSA_MIN_SIZE", key->type_c, ssh_key_size(key));
return SSH_ERROR;
}
/* Check if public key and hash type are compatible */
rc = pki_key_check_hash_compatible(key, sig->hash_type);
if (rc != SSH_OK) {