Bug#511521: boinc: Does not check the RSA_public_decrypt() return value.

Kurt Roeckx kurt at roeckx.be
Sun Jan 11 19:52:38 UTC 2009

Package: boinc
Severity: serious
Tags: security


I've been checking packages to see if they properly check the return
value of some of the functions in openssl.  In lib/crypt.C there
is this code:
int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
    RSA* rp = RSA_new();
    public_to_openssl(key, rp);
    RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
    out.len = RSA_size(rp);
    return 0;

So it's not checking the return value of RSA_public_decrypt() which
returns the the size of the recovered message digest on success
and -1 on failure.

I have no idea if this code is being used and what the consequences
of this might be.


More information about the pkg-boinc-devel mailing list