]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 77228f2)
lib/pkcs11_privkey: guard against overreading on short ciphertexts
authorAlexander Sosedkin <asosedkin@redhat.com>
Mon, 30 Mar 2026 15:46:40 +0000 (17:46 +0200)
committerAlexander Sosedkin <asosedkin@redhat.com>
Wed, 29 Apr 2026 13:35:03 +0000 (15:35 +0200)
This is an alternative fix for the callee side.

Reported-by: Joshua Rogers of AISLE Research Team <joshua@joshua.hu>
Fixes: #1814
Fixes: CVE-2026-5260
Fixes: GNUTLS-SA-2026-04-29-10
CVSS: 5.9 Medium CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
lib/pkcs11_privkey.c patch | blob | blame | history

diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 7f5db8d264b800dfbd7ea93596bcd18be5fb1269..ea5054978d6f770d0b921de372c10db15c0d8023 100644 (file)
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -838,7 +838,7 @@ int _gnutls_pkcs11_privkey_decrypt_data2(gnutls_pkcs11_privkey_t key,
        if (ret != 0)
                return gnutls_assert_val(GNUTLS_E_LOCKING_ERROR);
 
-       buffer = gnutls_malloc(siglen);
+       buffer = gnutls_malloc(MAX((size_t)siglen, plaintext_size));
        if (!buffer) {
                gnutls_assert();
                return GNUTLS_E_MEMORY_ERROR;
Mirror of https://gitlab.com/gnutls/gnutls.git