From bee3a234f3d1ad4244952bcff1b4b7c525330dc2 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 24 Feb 2014 15:57:22 +1100
Subject:    - djm@cvs.openbsd.org 2014/02/23 20:03:42      [ssh-ed25519.c]    
  check for unsigned overflow; not reachable in OpenSSH but others might     
 copy our code...

---
 ssh-ed25519.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'ssh-ed25519.c')

diff --git a/ssh-ed25519.c b/ssh-ed25519.c
index 56c480df..160d1f23 100644
--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: ssh-ed25519.c,v 1.3 2014/02/23 20:03:42 djm Exp $ */
 /*
  * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
  *
@@ -21,6 +21,7 @@
 
 #include "crypto_api.h"
 
+#include <limits.h>
 #include <string.h>
 #include <stdarg.h>
 
@@ -45,6 +46,11 @@ ssh_ed25519_sign(const Key *key, u_char **sigp, u_int *lenp,
 		error("%s: no ED25519 key", __func__);
 		return -1;
 	}
+
+	if (datalen >= UINT_MAX - crypto_sign_ed25519_BYTES) {
+		error("%s: datalen %u too long", __func__, datalen);
+		return -1;
+	}
 	smlen = slen = datalen + crypto_sign_ed25519_BYTES;
 	sig = xmalloc(slen);
 
-- 
cgit v1.2.1