[PATCH v2 4/5] crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()

From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Cc: keyrings@vger.kernel.org, Vitaly Chikunov <vt@altlinux.org>,
	Denis Kenzior <denkenz@gmail.com>,
	stable@vger.kernel.org, Tadeusz Struk <tadeusz.struk@linaro.org>
Subject: [PATCH v2 4/5] crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
Date: Tue, 18 Jan 2022 16:13:05 -0800	[thread overview]
Message-ID: <20220119001306.85355-5-ebiggers@kernel.org> (raw)
In-Reply-To: <20220119001306.85355-1-ebiggers@kernel.org>

From: Eric Biggers <ebiggers@google.com>

Before checking whether the expected digest_info is present, we need to
check that there are enough bytes remaining.

Fixes: a49de377e051 ("crypto: Add hash param to pkcs1pad")
Cc: <stable@vger.kernel.org> # v4.6+
Cc: Tadeusz Struk <tadeusz.struk@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/rsa-pkcs1pad.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 6b556ddeb3a00..9d804831c8b3f 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -476,6 +476,8 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
 	pos++;
 
 	if (digest_info) {
+		if (digest_info->size > dst_len - pos)
+			goto done;
 		if (crypto_memneq(out_buf + pos, digest_info->data,
 				  digest_info->size))
 			goto done;
-- 
2.34.1

