The `salt_len` field is signed because negative values are used to indicate
automatic salt lengths when generating signatures. This must never be the
case when validating them.
Not checking this could lead to an integer overflow below. The value is
assigned to the `len` field of a chunk (`size_t`), which is further used
in calculations to check the padding structure and (if that is passed by
a matching crafted signature value) eventually a memcpy() that will result
in a segmentation fault.
Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification")
Fixes: CVE-2021-41990
int i;
bool success = FALSE;
- if (!params)
+ if (!params || params->salt_len < 0)
{
return FALSE;
}