- Fixed possible heap overflow in pkcs1_decrypt on data larger than output

buffer after padding. For instance the premaster decryption in ssl_parse_client_key_exchange() in ssl_serv.c (Thanks to Christophe Devine)
2025-07-28 00:21:48 +03:00 · 2009-01-12 21:48:39 +00:00
parent c32c6b56ca
commit 060c56871c
3 changed files with 15 additions and 5 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -726,7 +726,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
        }

        ret = rsa_pkcs1_decrypt( ssl->rsa_key, RSA_PRIVATE, &ssl->pmslen,
-                                 ssl->in_msg + i, ssl->premaster );
+                                 ssl->in_msg + i, ssl->premaster,
+				 sizeof(ssl->premaster) );

        if( ret != 0 || ssl->pmslen != 48 ||
            ssl->premaster[0] != ssl->max_major_ver ||