- review fix for libnss, check hash prefix allocation size.

git-svn-id: file:///svn/unbound/trunk@2723 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 4fba2c7d343e488100f77b3099abf94c60e5886b..698d3bb9bae60770abdfeebc762efb9be6d1e358 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+25 July 2012: Wouter
+       - review fix for libnss, check hash prefix allocation size.
+
 23 July 2012: Wouter
        - fix missing break for GOST DS hash function.
        - implemented forward_first for the root.

diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c
index 80e3a8914a63b2acb4a0224e77816eb667fbb798..f3f861ee2a47efccd3f0c3a775cea836ad9fe605 100644 (file)
--- a/validator/val_secalgo.c
+++ b/validator/val_secalgo.c
@@ -973,6 +973,7 @@ verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
        /* uses libNSS */
        /* large enough for the different hashes */
        unsigned char hash[HASH_LENGTH_MAX];
+       unsigned char hash2[HASH_LENGTH_MAX*2];
        HASH_HashType htype = 0;
        SECKEYPublicKey* pubkey = NULL;
        SECItem secsig = {siBuffer, sigblock, sigblock_len};
@@ -1029,7 +1030,12 @@ verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
        }
        if(prefix) {
                int hashlen = sechash.len;
-               sechash.data = PORT_ArenaAlloc(pubkey->arena, prefixlen+hashlen);
+               if(prefixlen+hashlen > sizeof(hash2)) {
+                       verbose(VERB_QUERY, "verify: hashprefix too large");
+                       SECKEY_DestroyPublicKey(pubkey);
+                       return sec_status_unchecked;
+               }
+               sechash.data = hash2;
                sechash.len = prefixlen+hashlen;
                memcpy(sechash.data, prefix, prefixlen);
                memmove(sechash.data+prefixlen, hash, hashlen);