From: Jouni Malinen Date: Mon, 19 May 2014 20:25:38 +0000 (+0300) Subject: X.509: Fix internal TLS/X.509 validation of PKCS#1 signature X-Git-Tag: hostap_2_2~92 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c29d48725fd40a82407a89f193cf009aeef9745;p=thirdparty%2Fhostap.git X.509: Fix internal TLS/X.509 validation of PKCS#1 signature Verify that there is no extra data after the hash field. This is needed to avoid potential attacks using additional data to construct a value that passes the RSA operation and allows the hash value to be forged. Signed-off-by: Jouni Malinen --- diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c index a9483cb7f..751a268e1 100644 --- a/src/tls/x509v3.c +++ b/src/tls/x509v3.c @@ -1783,6 +1783,15 @@ skip_digest_oid: return -1; } + if (hdr.payload + hdr.length < data + data_len) { + wpa_hexdump(MSG_INFO, + "X509: Extra data after certificate signature hash", + hdr.payload + hdr.length, + data + data_len - hdr.payload - hdr.length); + os_free(data); + return -1; + } + os_free(data); wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
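Review bot: the new `if (hdr.payload + hdr.length < data + data_len)` block after `skip_digest_oid:` carries no comment saying why trailing bytes are fatal. The rationale (extra data after the hash field can be used to construct a value that passes the RSA operation and lets the hash be forged) lives only in the commit message, so a one-line comment above the check would help keep it from being relaxed later. The check covers only bytes that follow the hash field; it is worth confirming that the parsing steps before this hunk, which are not visible here, are equally strict about slack inside the DigestInfo structure. The `wpa_hexdump()` call also logs the rejected bytes at MSG_INFO, a higher level than the MSG_DEBUG used for the success message below, so certificate-supplied data will appear in logs that do not have debug output enabled; consider whether the length alone would be enough at that level.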