From: Michael Brown <mcb30@ipxe.org>
Date: Sun, 18 Mar 2012 20:42:03 +0000 (+0000)
Subject: [rsa] Actually check the unused-bits byte in the public key bit string
X-Git-Tag: v1.20.1~1929
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6979e0d55c9a796fdf947909be37e2bcdca918d;p=thirdparty%2Fipxe.git

[rsa] Actually check the unused-bits byte in the public key bit string

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---

diff --git a/src/crypto/rsa.c b/src/crypto/rsa.c
index a0bf39eb8..6aa6e8971 100644
--- a/src/crypto/rsa.c
+++ b/src/crypto/rsa.c
@@ -236,12 +236,13 @@ static int rsa_init ( void *ctx, const void *key, size_t key_len ) {
 
 		/* Check and skip unused-bits byte of bit string */
 		bit_string = cursor.data;
-		if ( cursor.len < 1 ) {
+		if ( ( cursor.len < sizeof ( *bit_string ) ) ||
+		     ( bit_string->unused != 0 ) ) {
 			rc = -EINVAL;
 			goto err_parse;
 		}
-		cursor.data++;
-		cursor.len--;
+		cursor.data = &bit_string->data;
+		cursor.len -= offsetof ( typeof ( *bit_string ), data );
 
 		/* Enter RSAPublicKey */
 		asn1_enter ( &cursor, ASN1_SEQUENCE );