• Paul Bakker's avatar
    Add a check for buffer overflow to pkcs11_sign() · db1f0598
    Paul Bakker authored
    pkcs11_sign() reuses *sig to store the header and hash, but those might
    be larger than the actual sig, causing a buffer overflow.
    An overflow can occur when using raw sigs with hashlen > siglen, or when
    the RSA key is less than 664 bits long (or less when using hashes
    shorter than SHA512)
    As siglen is always within the 'low realm' < 32k, an overflow of asnlen
    + hashlen is not possible.
pkcs11.c 6 KB