Bug#511521: boinc: Does not check the RSA_public_decrypt() return value.
Kurt Roeckx
kurt at roeckx.be
Sun Jan 11 19:52:38 UTC 2009
Package: boinc
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl. In lib/crypt.C there
is this code:
int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
    RSA* rp = RSA_new();
    public_to_openssl(key, rp);
    RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
    out.len = RSA_size(rp);
    return 0;
}
So it's not checking the return value of RSA_public_decrypt() which
returns the size of the recovered message digest on success
and -1 on failure.
I have no idea if this code is being used and what the consequences
of this might be.
Kurt