improve value range validation

author: Matt Johnston <matt@ucc.asn.au> 2017-06-14 23:31:15 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2017-06-14 23:31:15 +0800
commit: c750f2e777ee72bdcb50090de5db20d7579be001 (patch)
tree: a28f5a82ce4b255d2c6fe70ed1d2145638cca0e1
parent: f0f171986237499e2033c684f0933715515f9151 (diff)
download: dropbear-c750f2e777ee72bdcb50090de5db20d7579be001.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/dss.c b/dss.c
index 1b15cf2..8f4f195 100644
--- a/dss.c
+++ b/dss.c
@@ -181,6 +181,10 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 		TRACE(("verify failed, s' >= q"))
 		goto out;
 	}
+	if (mp_cmp_d(&val1, 0) != MP_GT) {
+		TRACE(("verify failed, s' <= 0"))
+		goto out;
+	}
 	/* let val2 = w = (s')^-1 mod q*/
 	if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
 		goto out;
@@ -202,6 +206,10 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 		TRACE(("verify failed, r' >= q"))
 		goto out;
 	}
+	if (mp_cmp_d(&val1, 0) != MP_GT) {
+		TRACE(("verify failed, r' <= 0"))
+		goto out;
+	}
 	/* let val4 = u2 = ((r')w) mod q */
 	if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
 		goto out;
author	Matt Johnston <matt@ucc.asn.au>	2017-06-14 23:31:15 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2017-06-14 23:31:15 +0800
commit	c750f2e777ee72bdcb50090de5db20d7579be001 (patch)
tree	a28f5a82ce4b255d2c6fe70ed1d2145638cca0e1
parent	f0f171986237499e2033c684f0933715515f9151 (diff)
download	dropbear-c750f2e777ee72bdcb50090de5db20d7579be001.tar.gz