1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Fix bug in Uppity RSA kex with short secret values.

In ssh_rsakex_decrypt, the code that decodes the buffer after it's
been through RSA decryption and had the OAEP masking undone would
never have worked if there were any padding 0 bytes between the prefix
and suffix of the OAEP preimage.

I must have not noticed before because PuTTY's RSA kex client code
always makes the biggest possible secret integer, so it never _does_
need any padding!
This commit is contained in:
Simon Tatham 2019-12-15 20:12:59 +00:00
parent 873ec97302
commit e47a337dd7

View File

@ -998,7 +998,7 @@ mp_int *ssh_rsakex_decrypt(
if (out[i] == 1) {
i++; /* skip over the 1 byte */
break;
} else if (out[i] != 1) {
} else if (out[i] != 0) {
sfree(out);
return NULL;
}