git.ipfire.org Git - thirdparty/gnutls.git/commit
lib/auth/rsa: check that ciphertext matches the modulus size
author Alexander Sosedkin <asosedkin@redhat.com>
Mon, 30 Mar 2026 15:31:07 +0000 (17:31 +0200)
committer Alexander Sosedkin <asosedkin@redhat.com>
Wed, 29 Apr 2026 13:35:03 +0000 (15:35 +0200)
commit 77228f2d1ac207d2f894e5a168fbb47e5378e42f
tree b42e2038df13bb99a02298effabb5bff396ebe97
parent 6cdea5d6833206969d916ee35186c4c5f3e01091
lib/auth/rsa: check that ciphertext matches the modulus size

A client sending an extremely short premaster secret as part of an
RSA key exchange could've theoretically triggered a short heap overread
to nowhere when the RSA key was backed with a PKCS#11 token.
With this fix, the internal decryption function will not be called
with a mismatching plaintext length specified, avoiding the overread.

Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
Fixes: #1814
Fixes: CVE-2026-5260
Fixes: GNUTLS-SA-2026-04-29-10
CVSS: 5.9 Medium CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
lib/auth/rsa.c
lib/auth/rsa_psk.c
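The commit message describes the shape of the fix but the diff is not shown on this page. The following is an added illustration, not the GnuTLS change itself: a caller-side gate that parses the RSA ClientKeyExchange body (TLS 1.0 and later carry a 2-byte length prefix before the EncryptedPreMasterSecret) and refuses to hand the ciphertext to a decryption backend unless it is exactly one modulus long. The backend function, the status codes, the demo modulus and the sample bodies are all assumptions constructed for the example; the point is that a backend which trusts the length it is given (as a PKCS#11 wrapper may) must only ever see a length the caller has already validated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not GnuTLS code. Models the check the commit message
 * describes: the RSA-encrypted premaster secret must be exactly as long
 * as the key modulus before the decryption backend is invoked. */

enum rsa_kx_status {
    RSA_KX_OK = 0,
    RSA_KX_BAD_FRAMING = -1,  /* TLS length prefix disagrees with the body */
    RSA_KX_BAD_LENGTH = -2,   /* ciphertext length != modulus byte length */
    RSA_KX_DECRYPT_FAILED = -3
};

/* Byte length of a big-endian modulus, skipping the leading zero bytes a
 * DER INTEGER encoding may carry. */
size_t rsa_modulus_byte_len(const uint8_t *n, size_t n_len)
{
    size_t lead = 0;
    while (lead < n_len && n[lead] == 0)
        lead++;
    return n_len - lead;
}

/* Hypothetical backend (assumption): stands in for a token-backed decrypt
 * that reads exactly 'len' bytes from 'in' and trusts that figure. This
 * stand-in only records what it was asked to process. */
static size_t g_backend_calls = 0;
static size_t g_backend_last_len = 0;

static int hypothetical_backend_decrypt(const uint8_t *in, size_t len)
{
    (void)in;
    g_backend_calls++;
    g_backend_last_len = len;
    return 0; /* pretend the token decrypted successfully */
}

/* Parse an RSA ClientKeyExchange body, "uint16 length || ciphertext",
 * and gate the backend call on the modulus length. */
int rsa_kx_process(const uint8_t *modulus, size_t modulus_len,
                   const uint8_t *body, size_t body_len)
{
    size_t ct_len, n_bytes;

    if (body_len < 2)
        return RSA_KX_BAD_FRAMING;
    ct_len = ((size_t)body[0] << 8) | body[1];
    if (ct_len != body_len - 2)
        return RSA_KX_BAD_FRAMING;

    /* The gate: ciphertext length is public on the wire, so rejecting on
     * it before decryption reveals nothing about the private key. */
    n_bytes = rsa_modulus_byte_len(modulus, modulus_len);
    if (n_bytes == 0 || ct_len != n_bytes)
        return RSA_KX_BAD_LENGTH;

    if (hypothetical_backend_decrypt(body + 2, ct_len) != 0)
        return RSA_KX_DECRYPT_FAILED;
    return RSA_KX_OK;
}

size_t rsa_kx_backend_calls(void) { return g_backend_calls; }
size_t rsa_kx_backend_last_len(void) { return g_backend_last_len; }

/* Constructed demo key: a 16-byte modulus stored with one leading zero
 * byte (not a real key; only its length matters here). */
static const uint8_t demo_modulus[17] = {
    0x00, 0xC3, 0x5A, 0x91, 0x7F, 0x02, 0xE4, 0x6B, 0xD8,
    0x13, 0xA7, 0x5C, 0x99, 0x20, 0xF1, 0x0B, 0x4D
};

/* Constructed ClientKeyExchange bodies: a correct 16-byte ciphertext,
 * a 4-byte one, and one whose length prefix does not match the body. */
static const uint8_t demo_body_ok[2 + 16]   = { 0x00, 0x10 };
static const uint8_t demo_body_short[2 + 4] = { 0x00, 0x04 };
static const uint8_t demo_body_badlen[2 + 4] = { 0x00, 0x09 };

int main(void)
{
    printf("full-length body : %d\n", rsa_kx_process(demo_modulus, sizeof demo_modulus,
                                                       demo_body_ok, sizeof demo_body_ok));
    printf("short body       : %d\n", rsa_kx_process(demo_modulus, sizeof demo_modulus,
                                                       demo_body_short, sizeof demo_body_short));
    printf("bad length prefix: %d\n", rsa_kx_process(demo_modulus, sizeof demo_modulus,
                                                       demo_body_badlen, sizeof demo_body_badlen));
    printf("backend calls    : %zu\n", rsa_kx_backend_calls());
    return 0;
}
```

Only the full-length body reaches the backend; the short and mis-framed bodies are rejected before any decryption call, which is the property the commit message describes.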