sign/ed25519: Verify signatures are minimum length
author Colin Walters <walters@verbum.org>
Thu, 14 Jul 2022 18:42:19 +0000 (14:42 -0400)
committer Colin Walters <walters@verbum.org>
Thu, 14 Jul 2022 21:13:51 +0000 (17:13 -0400)
commit 83e6357186be11fb8f2a6b66fab3730c44ee59dd
tree c8fd1088622eaea64f9a5613fe2dc4e07cf84988
parent ed1146738b9aa687c7dabb0a4fd8dc2ad16244ce
sign/ed25519: Verify signatures are minimum length

The ed25519 signature verification code does not
check that the signature is a minimum/correct length.
As a result, if the signature is too short, libsodium will end up
reading a few bytes out of bounds.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw
src/libostree/ostree-sign-ed25519.c