

RSAREF2 buffer overflow patch


Date: Fri, 10 Dec 1999 22:24:01 -0300
From: Gerardo Richarte <[email protected]>
To: [email protected]
Subject: RSAREF2 buffer overflow patch

    While exchanging emails with CERT about the problem in RSAREF2 they
told me that somebody anonymous observed that there may be a problem in
the patch we released for RSAREF2. Together we produced a new version of
this patch, which you can find at
ftp://www.core-sdi.com/pub/patches/rsaref2.patch
or at the end of this email.
    While we [Core SDI S.A.] and the CERT are not aware of any exploit
that bypasses the checks performed by the previous version, this new
version is more strict than the other, so we recommend that you use it.
    We still think that RSAREF's problem needs to be solved a little
better than with a patch, but still this is more than what we can
legally do... while it's obligatory to use RSAREF [only] in the USA,
nobody can legally alter its sources, so be careful when changing them.

    richie

PS: You must apply this new patch to the original version of rsa.c.

--------------------------------------- rsaref2.patch
*** rsa.original.c Fri Mar 26 14:01:48 1994
--- rsa.c Fri Dec 10 12:56:34 1999
***************
*** 33,38 ****
--- 33,41 ----
    unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
    unsigned int i, modulusLen;

+   if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+     return (RE_LEN);
+
    modulusLen = (publicKey->bits + 7) / 8;
    if (inputLen + 11 > modulusLen)
      return (RE_LEN);
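
Review bot: the new upper bound on publicKey->bits leaves the following `inputLen + 11 > modulusLen` test as it was, and that test has no lower bound on the key size. If inputLen is an unsigned int like modulusLen (its declaration is outside this hunk), inputLen + 11 can wrap for a very large input and pass the comparison. Consider rejecting modulusLen < 11 first and then comparing as `inputLen > modulusLen - 11`.
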
***************
*** 78,83 ****
--- 81,89 ----
    unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
    unsigned int i, modulusLen, pkcsBlockLen;

+   if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+     return (RE_LEN);
+
    modulusLen = (publicKey->bits + 7) / 8;
    if (inputLen > modulusLen)
      return (RE_LEN);
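
Review bot: the added check at the top of this function compares against MAX_RSA_MODULUS_BITS, while the buffer it protects, pkcsBlock, is sized by MAX_RSA_MODULUS_LEN. The check is only sufficient if MAX_RSA_MODULUS_LEN is at least (MAX_RSA_MODULUS_BITS + 7) / 8, and that relation is not visible in this patch. A comment stating it, or a compile-time check next to the two definitions, would keep the constants from drifting apart.
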
***************
*** 128,133 ****
--- 134,142 ----
    int status;
    unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
    unsigned int i, modulusLen;
+
+   if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+     return (RE_LEN);

    modulusLen = (privateKey->bits + 7) / 8;
    if (inputLen + 11 > modulusLen)
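
Review bot: this is the third copy of the same three-line bits check, here on privateKey, and none of the copies says why it is there. Consider one helper or macro shared by all four functions, with a one-line comment that it keeps modulusLen within the MAX_RSA_MODULUS_LEN-byte pkcsBlock, so that a later function using the same buffer does not miss the check.
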
***************
*** 168,173 ****
--- 177,185 ----
    unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
    unsigned int i, modulusLen, pkcsBlockLen;

+   if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+     return (RE_LEN);
+
    modulusLen = (privateKey->bits + 7) / 8;
    if (inputLen > modulusLen)
      return (RE_LEN);
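
Review bot: the new early return for an oversized privateKey->bits uses RE_LEN, the same code the existing `inputLen > modulusLen` test returns just below it. A caller cannot tell a malformed key from an over-long input. If the library's error set allows it, a separate key-related code here, and in the other three hunks, would make rejected keys easier to log and diagnose.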


--
A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
Investigacion y Desarrollo - CoreLabs - Core SDI
http://www.core-sdi.com



--- For a personal reply use [email protected]
