author | Colin Walters <walters@verbum.org> | 2022-07-14 14:42:19 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2022-07-14 17:13:51 -0400 |
commit | 83e6357186be11fb8f2a6b66fab3730c44ee59dd (patch) | |
tree | c8fd1088622eaea64f9a5613fe2dc4e07cf84988 /rust-bindings | |
parent | ed1146738b9aa687c7dabb0a4fd8dc2ad16244ce (diff) | |
download | ostree-83e6357186be11fb8f2a6b66fab3730c44ee59dd.tar.gz |

sign/ed25519: Verify signatures are minimum length

The ed25519 signature verification code does not
check that the signature is a minimum/correct length.
As a result, if the signature is too short, libsodium will end up
reading a few bytes out of bounds.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw

Diffstat (limited to 'rust-bindings')
0 files changed, 0 insertions, 0 deletions