From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 16 Apr 2009 08:08:25 +0000 (+0300)
Subject: Pad RSA signatures up to modulus size if necessary (rhbz#494049)
X-Git-Tag: rpm-4.7.0~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8d0f65f7f7c46c375c886534429fe1601b7aa746;p=platform%2Fupstream%2Frpm.git

Pad RSA signatures up to modulus size if necessary (rhbz#494049)
- unfortunately can't be detected at initial allocation so extra
  copy is needed at verification time
- this is commit 4c39a9df93c962c69e23ff48789cb950a105a44b backported
---

diff --git a/lib/signature.c b/lib/signature.c
index 9ca8da5..a501f3e 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -1222,10 +1222,29 @@ verifyRSASignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, char ** msg,
     if (res != RPMRC_OK)
 	goto exit;
 
-    if (VFY_VerifyDigest(&digest, dig->rsa, dig->rsasig, sigalg, NULL) == SECSuccess)
-	res = RPMRC_OK;
-    else
-	res = RPMRC_FAIL;
+    {	SECItem *sig = dig->rsasig;
+	size_t siglen = SECKEY_SignatureLen(dig->rsa);
+
+	/* Zero-pad signature data up to expected size if necessary */
+	if (siglen > sig->len) {
+	    size_t pad = siglen - sig->len;
+	    if ((sig = SECITEM_AllocItem(NULL, NULL, siglen)) == NULL) {
+		res = RPMRC_FAIL;
+		goto exit;
+	    }
+	    memset(sig->data, 0, pad);
+	    memcpy(sig->data+pad, dig->rsasig->data, dig->rsasig->len);
+	}
+	    
+	if (VFY_VerifyDigest(&digest, dig->rsa, sig, sigalg, NULL) == SECSuccess)
+	    res = RPMRC_OK;
+	else
+	    res = RPMRC_FAIL;
+
+	if (sig != dig->rsasig) {
+	    SECITEM_ZfreeItem(sig, 1);
+	}
+    }
 
 exit:
     if (sigp != NULL) {