crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()

BugLink: https://bugs.launchpad.net/bugs/1969110
commit a24611ea356c7f3f0ec926da11b9482ac1f414fd upstream.

Before checking whether the expected digest_info is present, we need to
check that there are enough bytes remaining.

Fixes: a49de377e051 ("crypto: Add hash param to pkcs1pad")
Cc: <stable@vger.kernel.org> # v4.6+
Cc: Tadeusz Struk <tadeusz.struk@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2221a0f6c90ca807286923bc400c408d2f360676)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 6b556ddeb3a00833b91ca16237c369a6d1fd9ffc..9d804831c8b3f9d1dba390cd6f92aab574af7967 100644 (file)
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -476,6 +476,8 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
        pos++;
 
        if (digest_info) {
+               if (digest_info->size > dst_len - pos)
+                       goto done;
                if (crypto_memneq(out_buf + pos, digest_info->data,
                                  digest_info->size))
                        goto done;