authorLuca Bruno <luca.bruno@coreos.com>2022-08-19 13:38:25 +0000
committerGitHub <noreply@github.com>2022-08-19 13:38:25 +0000
commit988dfb30e994b3aa919393585e86f05279878e62 (patch)
tree234a1a8f739814e4376afe151bbfef0dbb575465
parent2c0e8412b3dfb181183963d75a28accda2823bd6 (diff)
parent56820e54392efc5dd59032f8872aaf219190ad4f (diff)
Merge pull request #2696 from lucab/ups/rhel8-GHSA-gqf4-p3gv-g8vw
sign/ed25519: Verify signatures are minimum length
-rw-r--r--src/libostree/ostree-sign-ed25519.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index 809ffe87..f271fd49 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -209,6 +209,9 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
g_autoptr (GBytes) signature = g_variant_get_data_as_bytes(child);
+ if (g_bytes_get_size (signature) != crypto_sign_BYTES)
+ return glnx_throw (error, "Invalid signature length of %" G_GSIZE_FORMAT " bytes, expected %" G_GSIZE_FORMAT, (gsize) g_bytes_get_size (signature), (gsize) crypto_sign_BYTES);
+
g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug("Read signature %d: %s", (gint)i, g_variant_print(child, TRUE));
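Review bot: The added check `if (g_bytes_get_size (signature) != crypto_sign_BYTES)` has no comment saying why the length matters or what the early return does to the rest of the signature array. As written, the `return glnx_throw (...)` leaves the loop on the first wrong-sized entry, so a single malformed signature fails the whole verification even if another entry in `signatures` would have verified; that is fail-closed, but it should be stated as intended rather than left implicit. I would put this above the check: `/* Reject any signature that is not exactly crypto_sign_BYTES long: the verify call below presumably reads a full-length signature from this buffer. One malformed entry fails the whole verification. */`. The commit title says "minimum length" while the code enforces an exact match, so the comment should use the exact-match wording. ostree_sign_ed25519_data_verify starts and ends outside this hunk, so the verify call that consumes `signature` is not visible here and the out-of-bounds rationale is inferred.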