From b9b0df663ade296747482537b76a5b14459b418c Mon Sep 17 00:00:00 2001
From: Aveen Ismail <aveen.ismail@yubico.com>
Date: Thu, 5 Sep 2024 17:45:46 +0200
Subject: [PATCH] Add check on input length

---
 common/util.c  | 4 ++++
 src/commands.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/util.c b/common/util.c
index ac43385b..c0408bcd 100644
--- a/common/util.c
+++ b/common/util.c
@@ -70,6 +70,10 @@ bool read_ed25519_key(uint8_t *in, size_t in_len, uint8_t *out,
   uint8_t decoded[128];
   size_t decoded_len = sizeof(decoded);
 
+  if (in_len < (28 + 26)) {
+    return false;
+  }
+
   if (memcmp(in, PEM_private_header, 28) != 0 ||
       memcmp(in + in_len - 26, PEM_private_trailer, 25) != 0) {
     return false;
diff --git a/src/commands.c b/src/commands.c
index 1ae6d996..b9e493e0 100644
--- a/src/commands.c
+++ b/src/commands.c
@@ -3098,7 +3098,7 @@ int yh_com_sign_ssh_certificate(yubihsm_context *ctx, Argument *argv,
   uint8_t data[YH_MSG_BUF_SIZE + 1024] = {0};
   size_t response_len = sizeof(data);
 
-  if (argv[4].len > YH_MSG_BUF_SIZE) {
+  if (argv[4].len != (4 + 256)) { // 4 bytes timestamp + 256 byte signature
     fprintf(stderr, "Failed to sign ssh certificate: %s\n",
             yh_strerror(YHR_BUFFER_TOO_SMALL));
     return -1;