Add check on input length

Yubico · Sep 5, 2024 · b9b0df6 · b9b0df6
1 parent b1a4f97
commit b9b0df6
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/common/util.c b/common/util.c
@@ -70,6 +70,10 @@ bool read_ed25519_key(uint8_t *in, size_t in_len, uint8_t *out,
   uint8_t decoded[128];
   size_t decoded_len = sizeof(decoded);
 
+  if (in_len < (28 + 26)) {
+    return false;
+  }
+
   if (memcmp(in, PEM_private_header, 28) != 0 ||
       memcmp(in + in_len - 26, PEM_private_trailer, 25) != 0) {
     return false;

diff --git a/src/commands.c b/src/commands.c
@@ -3098,7 +3098,7 @@ int yh_com_sign_ssh_certificate(yubihsm_context *ctx, Argument *argv,
   uint8_t data[YH_MSG_BUF_SIZE + 1024] = {0};
   size_t response_len = sizeof(data);
 
-  if (argv[4].len > YH_MSG_BUF_SIZE) {
+  if (argv[4].len != (4 + 256)) { // 4 bytes timestamp + 256 byte signature
     fprintf(stderr, "Failed to sign ssh certificate: %s\n",
             yh_strerror(YHR_BUFFER_TOO_SMALL));
     return -1;