Date: Mon, 13 Dec 1999 12:35:29 -0500 (EST)
From: spork <spork@super-g.com>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: Mike Tancsa <mike@sentex.net>, security@FreeBSD.ORG
Subject: Re: RSAREF updated patch (was Re: Security Advisory: Buffer overflow in RSAREF2 (fwd))
Message-ID: <Pine.BSF.4.00.9912131231320.15202-200000@super-g.inch.com>
In-Reply-To: <Pine.BSF.4.21.9912110231290.66028-100000@hub.freebsd.org>
[-- Attachment #1 --]
I see it was committed this morning, but it appears to be broken:
ftp> get rsaref.tar
local: rsaref.tar remote: rsaref.tar
root@ass[/usr/ports/security]# tar xvf rsaref.tar
root@ass[/usr/ports/security/rsaref]# date
Mon Dec 13 12:31:35 EST 1999
root@ass[/usr/ports/security/rsaref]# make
===> Extracting for rsaref-2.0
>> Checksum OK for rsaref20.1996.tar.Z.
===> Patching for rsaref-2.0
===> Applying FreeBSD patches for rsaref-2.0
4 out of 4 hunks failed--saving rejects to rsa.c.rej
*** Error code 4
Stop.
*** Error code 1
If I back out of ver 1.2, all is well.
Just an FYI...
Thanks,
Charles
On Sat, 11 Dec 1999, Kris Kennaway wrote:
> On Fri, 10 Dec 1999, Mike Tancsa wrote:
>
> > There seems to be another update posted to BUGTRAQ around this issue. Here
> > is part of the post.
>
> Yes, I saw it - I'll get this committed as soon as the ports freeze for
> 3.4 is up. It's a shame this arrived a few hours after the freeze,
> although since we don't ship any rsaref-containing binaries (or any other
> crypto binaries) on CD it's not quite so bad.
>
> Kris
>
[-- Attachment #2 --]
***************
*** 33,38 ****
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
--- 33,41 ----
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+ modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
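Review bot: the line `+ modulusLen = (publicKey->bits + 7) / 8;` is marked as an addition on the new side although the identical line appears unmarked on the old side (`*** 33,38 ****`); in a context diff a line present on both sides should be plain context, so the add/context counts no longer match the `--- 33,41 ----` range, which is a plausible reason patch(1) rejects this hunk (mail-mangled whitespace being the other usual culprit). Suggest regenerating the patch with `diff -u` against a pristine rsa.c rather than hand-editing the forwarded copy. On the substance of the check itself: `if (publicKey->bits > MAX_RSA_MODULUS_BITS) return (RE_LEN);` only keeps `pkcsBlock[MAX_RSA_MODULUS_LEN]` in bounds if MAX_RSA_MODULUS_LEN is defined as at least (MAX_RSA_MODULUS_BITS + 7) / 8, since the `modulusLen` computed on the next line is what sizes the block; worth confirming that relationship in the header that defines both constants.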
***************
*** 78,83 ****
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
--- 81,89 ----
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+ modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
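Review bot: `if (inputLen > modulusLen)` is the only length check in this decrypt path (no `+ 11` padding slack as in the encrypt hunks), so the new `publicKey->bits > MAX_RSA_MODULUS_BITS` test is the sole guard against an oversized key driving `modulusLen` past the `pkcsBlock[MAX_RSA_MODULUS_LEN]` buffer; the ordering is correct because the check runs before `modulusLen` is computed and used. Returning RE_LEN here conflates a bad key with a bad input length, which callers may report as a user-data error; if the header defines a more specific modulus-length error code, consider returning that instead so a corrupt or hostile key is distinguishable in logs. The `+` on `modulusLen = (publicKey->bits + 7) / 8;` has the same context-versus-addition marker problem as the first hunk and should be fixed when the patch is regenerated.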
***************
*** 128,133 ****
int status;
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
--- 134,142 ----
int status;
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ + if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
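Review bot: this hunk is internally inconsistent with its own range header: `*** 128,133 ****` to `--- 134,142 ----` is six lines becoming nine, so three `+` lines are expected, but only `+ + if (privateKey->bits > MAX_RSA_MODULUS_BITS)` (with a doubled marker) and `+ return (RE_LEN);` are marked, while `modulusLen = (privateKey->bits + 7) / 8;` carries no marker here even though the other three hunks mark it `+`. patch(1) cannot reconcile that, which matches the "4 out of 4 hunks failed" result above. The trailing `return (RE_LEN);` context line after `if (inputLen + 11 > modulusLen)` is also missing from this hunk as shown. Suggest re-extracting the patch from the raw BUGTRAQ message rather than a forwarded or quoted copy, and checking it with `patch --dry-run` before committing.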
***************
*** 168,173 ****
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
--- 177,185 ----
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+ modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
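Review bot: the same marker inconsistency on `+ modulusLen = (privateKey->bits + 7) / 8;` applies here as in the first two hunks and needs the same regeneration. Beyond the mechanics, all four functions now carry an identical three-line `bits > MAX_RSA_MODULUS_BITS` check immediately before computing `modulusLen`; that is acceptable as a minimal security fix, but the check belongs in one place (a helper that validates the key struct, or the code path that populates `bits` when a key is loaded) so that any further call site that computes `(key->bits + 7) / 8` into a fixed `pkcsBlock[MAX_RSA_MODULUS_LEN]` cannot silently omit it. A short comment on each check naming the overflow it prevents would also help the next reader who sees four copies of it.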
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.00.9912131231320.15202-200000>
