- djm@cvs.openbsd.org 2014/02/23 20:03:42
[ssh-ed25519.c]
check for unsigned overflow; not reachable in OpenSSH but others might
copy our code...
diff --git a/ssh-ed25519.c b/ssh-ed25519.c
index 56c480d..160d1f2 100644
--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: ssh-ed25519.c,v 1.3 2014/02/23 20:03:42 djm Exp $ */
/*
* Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
*
@@ -21,6 +21,7 @@
#include "crypto_api.h"
+#include <limits.h>
#include <string.h>
#include <stdarg.h>
@@ -45,6 +46,11 @@
error("%s: no ED25519 key", __func__);
return -1;
}
+
+ if (datalen >= UINT_MAX - crypto_sign_ed25519_BYTES) {
+ error("%s: datalen %u too long", __func__, datalen);
+ return -1;
+ }
smlen = slen = datalen + crypto_sign_ed25519_BYTES;
sig = xmalloc(slen);