diff options
author | dveditz%cruzio.com <devnull@localhost> | 2006-10-16 06:01:32 +0000 |
---|---|---|
committer | dveditz%cruzio.com <devnull@localhost> | 2006-10-16 06:01:32 +0000 |
commit | 1b742e514f267cbe16fef935d31aa7df837e2207 (patch) | |
tree | 89065b97e327e2c68eaf3851b13e21a37ddc810a | |
parent | 3700fac333746146b8b7a02fb1f4c29908a0d481 (diff) | |
download | nss-hg-1b742e514f267cbe16fef935d31aa7df837e2207.tar.gz |
bug 356215, r=wtchang, a=dveditzTHUNDERBIRD_1_5_0_9_RELEASETHUNDERBIRD_1_5_0_9_RC1THUNDERBIRD_1_5_0_8_RELEASETHUNDERBIRD_1_5_0_8_RC1SEAMONKEY_1_0_7_RELEASESEAMONKEY_1_0_6_RELEASEFIREFOX_1_5_0_9_RELEASEFIREFOX_1_5_0_9_RC1FIREFOX_1_5_0_8_RELEASEFIREFOX_1_5_0_8_RC2FIREFOX_1_5_0_8_RC1
-rw-r--r-- | security/nss/lib/softoken/rsawrapr.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/security/nss/lib/softoken/rsawrapr.c b/security/nss/lib/softoken/rsawrapr.c index b40a30d80..2ae3039e7 100644 --- a/security/nss/lib/softoken/rsawrapr.c +++ b/security/nss/lib/softoken/rsawrapr.c @@ -489,7 +489,13 @@ RSA_CheckSign(NSSLOWKEYPublicKey *key, modulus_len = nsslowkey_PublicModulusLen(key); if (sign_len != modulus_len) goto failure; - if (hash_len > modulus_len - 8) + /* + * 0x00 || BT || Pad || 0x00 || ActualData + * + * The "3" below is the first octet + the second octet + the 0x00 + * octet that always comes just before the ActualData. + */ + if (hash_len > modulus_len - (3 + RSA_BLOCK_MIN_PAD_LEN)) goto failure; PORT_Assert(key->keyType == NSSLOWKEYRSAKey); if (key->keyType != NSSLOWKEYRSAKey) @@ -509,11 +515,11 @@ RSA_CheckSign(NSSLOWKEYPublicKey *key, if (buffer[0] != 0 || buffer[1] != 1) goto loser; for (i = 2; i < modulus_len - hash_len - 1; i++) { - if (buffer[i] == 0) - break; if (buffer[i] != 0xff) goto loser; } + if (buffer[i] != 0) + goto loser; /* * make sure we get the same results |