This is a note to let you know that I've just added the patch titled

    digsig: add hash size comparision on signature verification

to the 3.4-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     digsig-add-hash-size-comparision-on-signature-verification.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From bc01637a80f5b670bd70a0279d3f93fa8de1c96d Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin <[email protected]>
Date: Wed, 12 Sep 2012 13:26:55 +0300
Subject: digsig: add hash size comparision on signature verification

From: Dmitry Kasatkin <[email protected]>

commit bc01637a80f5b670bd70a0279d3f93fa8de1c96d upstream.

When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do
not match, hash comparision is not done and digsig_verify_rsa() returns
no error.  This is a bug and this patch fixes it.

The bug was introduced in v3.3 by commit b35e286a640f ("lib/digsig:
pkcs_1_v1_5_decode_emsa cleanup").

Signed-off-by: Dmitry Kasatkin <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 lib/digsig.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -163,9 +163,11 @@ static int digsig_verify_rsa(struct key
        memcpy(out1 + head, p, l);
 
        err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
+       if (err)
+               goto err;
 
-       if (!err && len == hlen)
-               err = memcmp(out2, h, hlen);
+       if (len != hlen || memcmp(out2, h, hlen))
+               err = -EINVAL;
 
 err:
        mpi_free(in);


Patches currently in stable-queue which might be from [email protected] 
are

queue-3.4/digsig-add-hash-size-comparision-on-signature-verification.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to