commit 060c56871cf1b994748aa3bfe83ec75960b61f59
author Paul Bakker <p.j.bakker@polarssl.org> Mon Jan 12 21:48:39 2009 +0000
committer Paul Bakker <p.j.bakker@polarssl.org> Mon Jan 12 21:48:39 2009 +0000
tree a5a900f9e08533e8a601bf2058ee40c422f69a51
parent c32c6b56ca45734930f639e8730abfaf3907e990

 - Fixed possible heap overflow in pkcs1_decrypt on data larger than output
   buffer after padding. For instance the premaster decryption in
   ssl_parse_client_key_exchange() in ssl_serv.c (Thanks to Christophe
   Devine)

include/polarssl/rsa.h

diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index abca193..f02df5a 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -31,6 +31,7 @@
 #define POLARSSL_ERR_RSA_PUBLIC_FAILED                     -0x0440
 #define POLARSSL_ERR_RSA_PRIVATE_FAILED                    -0x0450
 #define POLARSSL_ERR_RSA_VERIFY_FAILED                     -0x0460
+#define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE                   -0x0470
 
 /*
  * PKCS#1 constants
@@ -216,16 +217,19 @@
  * \param input    buffer holding the encrypted data
  * \param output   buffer that will hold the plaintext
  * \param olen     will contain the plaintext length
+ * \param output_max_len	maximum length of the output buffer
  *
  * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
  *
  * \note           The output buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
  */
 int rsa_pkcs1_decrypt( rsa_context *ctx,
                        int mode, int *olen,
                        unsigned char *input,
-                       unsigned char *output );
+                       unsigned char *output,
+		       int output_max_len);
 
 /**
  * \brief          Do a private RSA to sign a message digest