[openssh-commits] [openssh] 07/08: upstream: Fix bounds checking when signing messages of length

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Jun 29 12:21:34 AEST 2026


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 1cfbed8a131de166d86fbf5ac3245d55046cfab3
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Mon Jun 29 02:08:55 2026 +0000

    upstream: Fix bounds checking when signing messages of length
    
    greater than will fit in a size_t. In OpenSSH, messages sizes are bounded by
    SSHBUF_SIZE_MAX so this was unreachable. From Swival scanner.
    
    OpenBSD-Commit-ID: 31ab874abe21a528fa995d78023c5ad9444a31e1
---
 ed25519-openssl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ed25519-openssl.c b/ed25519-openssl.c
index d45effdca..bea1572df 100644
--- a/ed25519-openssl.c
+++ b/ed25519-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ed25519-openssl.c,v 1.2 2026/06/14 03:59:34 djm Exp $ */
+/* $OpenBSD: ed25519-openssl.c,v 1.3 2026/06/29 02:08:55 djm Exp $ */
 /*
  * Copyright (c) 2025 OpenSSH
  *
@@ -194,6 +194,10 @@ crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen,
 		debug3_f("signed message bad length: %llu", smlen);
 		return -1;
 	}
+	if (smlen - crypto_sign_ed25519_BYTES > SIZE_MAX) {
+		debug3_f("signed message too long: %llu", smlen);
+		return -1;
+	}
 	/* Signature is first crypto_sign_ed25519_BYTES, message follows */
 	msg = sm + crypto_sign_ed25519_BYTES;
 	msglen = smlen - crypto_sign_ed25519_BYTES;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list