Open karel-m opened 3 days ago
Possible fix from https://bugs.debian.org/1082952
From c912db56833f8357900b1e798f9c0d8d0daa5b46 Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Tue, 1 Oct 2024 18:28:14 +0000
Subject: [PATCH] Fix SSH RSA key decryption on 64-bit big endian hosts
Bug-Debian: https://bugs.debian.org/1082952
---
src/ltc/misc/pem/pem_ssh.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/ltc/misc/pem/pem_ssh.c b/src/ltc/misc/pem/pem_ssh.c
index 00ae4480..8114f231 100644
--- a/src/ltc/misc/pem/pem_ssh.c
+++ b/src/ltc/misc/pem/pem_ssh.c
@@ -675,14 +675,18 @@ static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_o
opts->name = "none";
} else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) {
opts->name = "bcrypt";
- opts->saltlen = sizeof(opts->salt);
+ unsigned long saltlen = sizeof(opts->salt);
len = kdfoptionslen;
if ((err = ssh_decode_sequence_multi(kdfoptions, &len,
- LTC_SSHDATA_STRING, opts->salt, &opts->saltlen,
+ LTC_SSHDATA_STRING, opts->salt, &saltlen,
LTC_SSHDATA_UINT32, &opts->num_rounds,
LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) {
return err;
}
+ if (saltlen > 0xffffffff) {
+ return CRYPT_INPUT_TOO_LONG;
+ }
+ opts->saltlen = (ulong32) saltlen;
if (len != kdfoptionslen) {
return CRYPT_INPUT_TOO_LONG;
}
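Review bot: The new range check `if (saltlen > 0xffffffff)` bounds the salt length by the width of the destination field rather than by the buffer it describes, and on targets where `unsigned long` is 32 bits it can never be true. Since `saltlen` starts as `sizeof(opts->salt)`, comparing against that capacity, `if (saltlen > sizeof(opts->salt)) return CRYPT_INPUT_TOO_LONG;`, would make the narrowing cast to `ulong32` evidently safe and would also catch a decoder that reported more bytes than the salt array holds. Whether `ssh_decode_sequence_multi` already enforces that limit is not visible in this hunk. The declaration `unsigned long saltlen` also follows the statement `opts->name = "bcrypt";` inside the branch, which is a mixed declaration if the project is built as C89; declaring it with the other locals at the top of the function would avoid that. `s_decode_header` begins and ends outside the hunk.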
--
2.45.2
Originally reported here https://github.com/DCIT/perl-CryptX/issues/111