[OPENDNSSEC-540] Possible integer overflow in hsm_get_key_size_ecdsa - OpenDNSSEC

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: libhsm
Labels:
None

Epic Link:
General 2.0 developments
Sprint:
2.0.0a4

Description

Since revision 7493, function hsm_get_key_size_ecdsa contains a possible integer overflow.

The bits variable is calculated by multiplying by 4 (8/2) the value_len returned by hsm_get_key_ecdsa_value. If the HSM cannot be trusted, this value cannot be trusted either.

This means that an adversarial HSM could return a very large value_len, thus causing the multiplication by 4 to overflow, resulting in a incorrect returned value.

Although, I have not found any potential vulnerability relying on this overflow, a integer overflow check should be performed as the return value of this function could very well be used, someday, to do something more complex than just displaying the (wrong) result.

A quick and very dirty fix can be found in attachment.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

ecdsa_size_intoverflow.patch
0.3 kB
2014-01-30 16:13

Issue Links

clones

SUPPORT-112 Possible integer overflow in hsm_get_key_size_ecdsa

Closed

Activity

People

Assignee:: Jakob Schlyter

Reporter:: Florian Maury

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2014-01-30 16:13

Updated:: 2016-04-21 10:19

Resolved:: 2014-01-30 16:19