Date: Mon, 13 Dec 1999 13:21:08 -0500 (EST)
From: "Chris D. Faulhaber" <jedgar@fxp.org>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: spork <spork@super-g.com>, Mike Tancsa <mike@sentex.net>, security@FreeBSD.ORG, asami@freebsd.org
Subject: Re: RSAREF updated patch (was Re: Security Advisory: Buffer overflow in RSAREF2 (fwd))
Message-ID: <Pine.BSF.4.21.9912131315140.50988-200000@earth.fxp>
In-Reply-To: <Pine.BSF.4.21.9912131000340.69074-100000@hub.freebsd.org>
[-- Attachment #1 --]
On Mon, 13 Dec 1999, Kris Kennaway wrote:
> Hmm, Satoshi? I did warn you I couldn't test the port :-)
>
> Kris
>
> On Mon, 13 Dec 1999, spork wrote:
>
> > I see it was committed this morning, but it appears to be broken:
> >
> > ftp> get rsaref.tar
> > local: rsaref.tar remote: rsaref.tar
> >
> > root@ass[/usr/ports/security]# tar xvf rsaref.tar
> >
> > root@ass[/usr/ports/security/rsaref]# date
> > Mon Dec 13 12:31:35 EST 1999
> > root@ass[/usr/ports/security/rsaref]# make
> > ===> Extracting for rsaref-2.0
> > >> Checksum OK for rsaref20.1996.tar.Z.
> > ===> Patching for rsaref-2.0
> > ===> Applying FreeBSD patches for rsaref-2.0
> > 4 out of 4 hunks failed--saving rejects to rsa.c.rej
> > *** Error code 4
> >
The problem with the patch is whitespace. Attached is patch-ac with the
correct whitespace...tested to compile and work with openssl and openssh.
-----
Chris D. Faulhaber | You can ISO9001 certify the process of
System/Network Administrator, | shooting yourself in the foot, so long
Reality Check Information, Inc. | as the process is documented and reliably
<jedgar@fxp.org> | produces the proper result.
[-- Attachment #2 --]
--- rsa.c.orig Fri Mar 25 14:01:48 1994
+++ rsa.c Mon Dec 13 13:10:28 1999
@@ -33,6 +33,9 @@
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
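Review bot: The guard added at the top of this hunk is what actually closes the overflow, because the existing `if (inputLen + 11 > modulusLen)` test only bounds inputLen relative to modulusLen and never bounds modulusLen against the fixed-size `pkcsBlock[MAX_RSA_MODULUS_LEN]`; placing it before `modulusLen` is computed is the right spot. Its correctness does depend on MAX_RSA_MODULUS_LEN being exactly (MAX_RSA_MODULUS_BITS + 7) / 8. A form that does not rely on the two macros staying in step is to compute modulusLen first and then test `if (modulusLen > sizeof(pkcsBlock)) return (RE_LEN);`; failing that, a one-line comment beside the check stating the bits/bytes relationship would save the next reader from re-deriving it.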
@@ -78,6 +81,9 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
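Review bot: The same three-line guard is needed here for the same reason as in the encrypt path: `pkcsBlock[MAX_RSA_MODULUS_LEN]` is fixed-size, `modulusLen` is derived from the caller-supplied `publicKey->bits`, and the existing `if (inputLen > modulusLen)` check does nothing to bound modulusLen itself. Public-key operations commonly run on a key received from a peer, so `bits` has to be treated as untrusted and the guard must stay ahead of every use of modulusLen. The one thing missing is a lower bound: a `bits` of 0 yields a modulusLen of 0, and `inputLen > modulusLen` then still passes for inputLen == 0, so consider rejecting undersized keys explicitly alongside the oversized ones.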
@@ -128,6 +134,9 @@
int status;
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
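Review bot: Blank-line placement is inconsistent with the other three hunks: here the empty `+` line precedes the check and nothing separates `return (RE_LEN);` from the `modulusLen = ...` assignment, whereas the public-key hunks put the blank after the guard. Given that this resend exists purely to get the whitespace right, make all four insertions identical (blank line after the `return`), which also makes the diff easier to verify by eye. The guard itself is correct: `privateKey->bits` feeds modulusLen, and without it `pkcsBlock[MAX_RSA_MODULUS_LEN]` can be overrun, which the existing `if (inputLen + 11 > modulusLen)` test does not prevent.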
@@ -168,6 +177,9 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
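Review bot: This is the fourth hand-copied instance of the same guard, and hand-copying is exactly how the blank-line difference in the private-encrypt hunk crept in; a single macro or static helper wrapping `if (key->bits > MAX_RSA_MODULUS_BITS) return (RE_LEN);` and used in all four functions would keep them in step and give one place to add a lower bound later. Separately, the cover note reports that the patched library compiles and works with openssl and openssh, which exercises the normal path; a run with a key whose `bits` exceeds MAX_RSA_MODULUS_BITS would confirm that the new RE_LEN return is reached and handled by those callers.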