From 3c16db9a10a3087e1611cd8ffb9ca564c0e9cf60 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 5 Jul 2012 13:58:08 +0000
Subject: [PATCH]  - Fixed potential memory zeroization on miscrafted RSA key

---
 ChangeLog     | 2 ++
 library/rsa.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index f86254458..e00643b72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,8 @@ Security
      Frama-C team at CEA LIST)
    * Fixed generation of DHM parameters to correct length (found by Ruslan
      Yushchenko)
+   * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
+     Vanderbeken)
 
 = Version 1.1.3 released on 2012-04-29
 Bugfix
diff --git a/library/rsa.c b/library/rsa.c
index 215f1aa09..6dfcdb35c 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -679,7 +679,7 @@ int rsa_pkcs1_sign( rsa_context *ctx,
                     return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
             }
 
-            if( nb_pad < 8 )
+            if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
             *p++ = 0;