SilcUInt32 dest_data_size,
SilcUInt32 *dest_len)
{
- int i = 0;
+ SilcUInt32 i = 0;
SILC_LOG_DEBUG(("PKCS#1 decoding, bt %d", bt));
}
/* Sanity checks */
+ if (i >= data_len) {
+ SILC_LOG_DEBUG(("Malformed block"));
+ return FALSE;
+ }
+ if (i < SILC_PKCS1_MIN_PADDING) {
+ SILC_LOG_DEBUG(("Malformed block"));
+ return FALSE;
+ }
if (data[i++] != 0x00) {
SILC_LOG_DEBUG(("Malformed block"));
return FALSE;
}
- if (i - 1 < SILC_PKCS1_MIN_PADDING) {
+ if (i >= data_len) {
SILC_LOG_DEBUG(("Malformed block"));
return FALSE;
}
/* MP to data */
padded = silc_mp_mp2bin(&mp_dst, (key->bits + 7) / 8, &padded_len);
+ if (!padded) {
+ silc_mp_uninit(&mp_tmp);
+ silc_mp_uninit(&mp_dst);
+ return FALSE;
+ }
/* Unpad data */
if (!silc_pkcs1_decode(SILC_PKCS1_BT_PUB, padded, padded_len,
SilcBool ret = FALSE;
SilcMPInt mp_tmp2;
SilcMPInt mp_dst;
- unsigned char *verify, unpadded[2048 + 1], hashr[SILC_HASH_MAXLEN];
+ unsigned char *verify = NULL, unpadded[65536 + 1], hashr[SILC_HASH_MAXLEN];
SilcUInt32 verify_len, len = (key->bits + 7) / 8;
SilcBufferStruct di, ldi;
SilcHash ihash = NULL;
/* MP to data */
verify = silc_mp_mp2bin(&mp_dst, len, &verify_len);
+ if (!verify)
+ goto err;
/* Unpad data */
if (!silc_pkcs1_decode(SILC_PKCS1_BT_PRV1, verify, verify_len,
return ret;
err:
- memset(verify, 0, verify_len);
- silc_free(verify);
+ if (verify) {
+ memset(verify, 0, verify_len);
+ silc_free(verify);
+ }
silc_mp_uninit(&mp_tmp2);
silc_mp_uninit(&mp_dst);
if (ihash)
/* MP to data */
verify = silc_mp_mp2bin(&mp_dst, len, &verify_len);
+ if (!verify) {
+ silc_mp_uninit(&mp_tmp2);
+ silc_mp_uninit(&mp_dst);
+ return FALSE;
+ }
/* Unpad data */
if (!silc_pkcs1_decode(SILC_PKCS1_BT_PRV1, verify, verify_len,
projects / silc.git / blobdiff