fix integer overflow in XMSS private key parsing. Reported by

Adam Zabrocki via SecuriTeam's SSH program. Note that this code is experimental and not compiled by default. ok markus@
author: djm <djm@openbsd.org> 2019-10-09 00:02:57 +0000
committer: djm <djm@openbsd.org> 2019-10-09 00:02:57 +0000
commit: 42e35d48fb40ba24be45c208523582096baabae6 (patch)
tree: bc4b4f464b802c8a31b21e553a37f9aec1ece1e7
parent: Correct type for end-of-list sentinel; fixes initializer warnings on (diff)
download: wireguard-openbsd-42e35d48fb40ba24be45c208523582096baabae6.tar.xz
wireguard-openbsd-42e35d48fb40ba24be45c208523582096baabae6.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshkey-xmss.c b/usr.bin/ssh/sshkey-xmss.c
index 883ea57303e..7495f9288bf 100644
--- a/usr.bin/ssh/sshkey-xmss.c
+++ b/usr.bin/ssh/sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.5 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */
 /*
  * Copyright (c) 2017 Markus Friedl.  All rights reserved.
  *
@@ -971,7 +971,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded,
 		goto out;
 	}
 	/* check that an appropriate amount of auth data is present */
-	if (sshbuf_len(encoded) < encrypted_len + authlen) {
+	if (sshbuf_len(encoded) < authlen ||
+	    sshbuf_len(encoded) - authlen < encrypted_len) {
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
author	djm <djm@openbsd.org>	2019-10-09 00:02:57 +0000
committer	djm <djm@openbsd.org>	2019-10-09 00:02:57 +0000
commit	42e35d48fb40ba24be45c208523582096baabae6 (patch)
tree	bc4b4f464b802c8a31b21e553a37f9aec1ece1e7
parent	Correct type for end-of-list sentinel; fixes initializer warnings on (diff)
download	wireguard-openbsd-42e35d48fb40ba24be45c208523582096baabae6.tar.xz wireguard-openbsd-42e35d48fb40ba24be45c208523582096baabae6.zip