doc/share/security/patches/SA-06:19/openssl.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

Index: crypto/openssl/crypto/rsa/rsa_sign.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_sign.c,v
retrieving revision 1.1.1.7
diff -u -I__FBSDID -r1.1.1.7 rsa_sign.c
--- crypto/openssl/crypto/rsa/rsa_sign.c 29 Jul 2006 19:10:19 -0000 1.1.1.7
+++ crypto/openssl/crypto/rsa/rsa_sign.c 6 Sep 2006 15:37:11 -0000
@@ -185,6 +185,23 @@
sig=d2i_X509_SIG(NULL,&p,(long)i);
if (sig == NULL) goto err;
+
+ /* Excess data can be used to create forgeries */
+ if(p != s+i)
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
+ /* Parameters to the signature algorithm can also be used to
+ create forgeries */
+ if(sig->algor->parameter
+ && sig->algor->parameter->type != V_ASN1_NULL)
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
sigtype=OBJ_obj2nid(sig->algor->algorithm);
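
Review bot: The two new `goto err` exits, at `if(p != s+i)` and at the `sig->algor->parameter` check, are taken after `d2i_X509_SIG` has returned a non-NULL `sig`, so the `err` path, which this hunk does not show, has to free `sig`; worth confirming before merge. The first check also depends on `p` having pointed at `s` before the decode, which is likewise outside the visible context. Both comments state the consequence (forgery) but not the rule being enforced; consider wording them as the rule, for example that the decoded structure must consume exactly `i` bytes and that the algorithm parameters must be absent or of type `V_ASN1_NULL`, so that a later reader does not relax either test.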