[openssh-commits] [openssh] 07/08: upstream: Fix bounds checking when signing messages of length
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Jun 29 12:21:34 AEST 2026
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 1cfbed8a131de166d86fbf5ac3245d55046cfab3
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Mon Jun 29 02:08:55 2026 +0000
upstream: Fix bounds checking when signing messages of length
greater than will fit in a size_t. In OpenSSH, messages sizes are bounded by
SSHBUF_SIZE_MAX so this was unreachable. From Swival scanner.
OpenBSD-Commit-ID: 31ab874abe21a528fa995d78023c5ad9444a31e1
---
ed25519-openssl.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ed25519-openssl.c b/ed25519-openssl.c
index d45effdca..bea1572df 100644
--- a/ed25519-openssl.c
+++ b/ed25519-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ed25519-openssl.c,v 1.2 2026/06/14 03:59:34 djm Exp $ */
+/* $OpenBSD: ed25519-openssl.c,v 1.3 2026/06/29 02:08:55 djm Exp $ */
/*
* Copyright (c) 2025 OpenSSH
*
@@ -194,6 +194,10 @@ crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen,
debug3_f("signed message bad length: %llu", smlen);
return -1;
}
+ if (smlen - crypto_sign_ed25519_BYTES > SIZE_MAX) {
+ debug3_f("signed message too long: %llu", smlen);
+ return -1;
+ }
/* Signature is first crypto_sign_ed25519_BYTES, message follows */
msg = sm + crypto_sign_ed25519_BYTES;
msglen = smlen - crypto_sign_ed25519_BYTES;
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list