author: Colin Walters <walters@verbum.org> 2022-07-14 14:42:19 -0400
committer: Colin Walters <walters@verbum.org> 2022-07-14 17:13:51 -0400
commit: 83e6357186be11fb8f2a6b66fab3730c44ee59dd
tree: c8fd1088622eaea64f9a5613fe2dc4e07cf84988 /rust-bindings
parent: ed1146738b9aa687c7dabb0a4fd8dc2ad16244ce
sign/ed25519: Verify signatures are minimum length

The ed25519 signature verification code does not check that the signature is a minimum/correct length. As a result, if the signature is too short, libsodium will end up reading a few bytes out of bounds.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw

Diffstat (limited to 'rust-bindings')
0 files changed, 0 insertions, 0 deletions
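
The kind of length check the commit message describes, as an added example that is not ostree's code and not part of this commit: libsodium's `crypto_sign_verify_detached()` takes no length for the signature or public key, so the caller has to reject wrong-sized buffers before the call. `checked_verify`, `stub_verify` and the exact-length policy are assumptions made for this sketch; the stub stands in for the real verifier so the block builds without libsodium.

```c
#include <stddef.h>
#include <stdio.h>

/* Ed25519 sizes; libsodium names them crypto_sign_BYTES and
 * crypto_sign_PUBLICKEYBYTES. */
#define ED25519_SIG_LEN 64
#define ED25519_PK_LEN  32

/* Same shape as libsodium's crypto_sign_verify_detached(): there is no
 * length argument for sig or pk, so 64 and 32 bytes are always read. */
typedef int (*verify_fn)(const unsigned char *sig, const unsigned char *m,
                         unsigned long long mlen, const unsigned char *pk);

/* Hypothetical wrapper (not ostree's): 0 = valid, -1 = rejected. */
int checked_verify(verify_fn verify,
                   const unsigned char *sig, size_t sig_len,
                   const unsigned char *msg, size_t msg_len,
                   const unsigned char *pk, size_t pk_len)
{
    if (!verify || !sig || !pk || (!msg && msg_len != 0))
        return -1;
    /* Exact match: a short buffer would be over-read, a long one is malformed. */
    if (sig_len != ED25519_SIG_LEN || pk_len != ED25519_PK_LEN)
        return -1;
    return verify(sig, msg, (unsigned long long)msg_len, pk) == 0 ? 0 : -1;
}

/* Constructed stand-in verifier: touches the last byte the real API would
 * read in each buffer and "accepts" when they match. Counts its calls. */
static int stub_calls;
static int stub_verify(const unsigned char *sig, const unsigned char *m,
                       unsigned long long mlen, const unsigned char *pk)
{
    (void)m; (void)mlen;
    stub_calls++;
    return sig[ED25519_SIG_LEN - 1] == pk[ED25519_PK_LEN - 1] ? 0 : -1;
}

int main(void)
{
    unsigned char sig[ED25519_SIG_LEN] = {0}, pk[ED25519_PK_LEN] = {0};
    const unsigned char msg[] = "constructed message";
    /* A 60-byte signature is rejected before the verifier ever runs. */
    int r = checked_verify(stub_verify, sig, 60, msg, sizeof msg - 1, pk, sizeof pk);
    printf("short signature: result=%d verifier_calls=%d\n", r, stub_calls);
    return 0;
}
```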