From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 7 Jun 2019 15:02:17 +0000 (+0100)
Subject: [Fix] Do not assert if length of sig is bad, just fail verification
X-Git-Tag: 2.0~818
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c8baef8f0dc257d6321b1ed55dc8ffea7e76864;p=thirdparty%2Frspamd.git

[Fix] Do not assert if length of sig is bad, just fail verification
---

diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 7cd5e1b133..4d42ddb383 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -590,8 +590,9 @@ rspamd_cryptobox_verify (const guchar *sig,
 	bool ret = false;
 
 	if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
-		g_assert (siglen == rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
-		ret = ed25519_verify (sig, m, mlen, pk);
+		if (siglen == rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519)) {
+			ret = ed25519_verify (sig, m, mlen, pk);
+		}
 	}
 	else {
 #ifndef HAVE_USABLE_OPENSSL