signature: prevent malleability and overflows
indutny committed Jun 18, 2020
1 parent 6048941 commit 856fe4d
Showing 1 changed file with 36 additions and 4 deletions.
40 changes: 36 additions & 4 deletions lib/elliptic/ec/signature.js
@@ -32,11 +32,24 @@ function getLength(buf, p) {
return initial;
}
var octetLen = initial & 0xf;

// Indefinite length or overflow
if (octetLen === 0 || octetLen > 4) {
return false;

This comment has been minimized.


wbswk Sep 17, 2020

Your code looks like shit

}

var val = 0;
for (var i = 0, off = p.place; i < octetLen; i++, off++) {
val <<= 8;
val |= buf[off];
val >>>= 0;
}

// Leading zeroes
if (val <= 0x7f) {
return false;
}

p.place = off;
return val;
}
@@ -60,28 +73,47 @@ Signature.prototype._importDER = function _importDER(data, enc) {
return false;
}
var len = getLength(data, p);
if (len === false) {
return false;
}
if ((len + p.place) !== data.length) {
return false;
}
if (data[p.place++] !== 0x02) {
return false;
}
var rlen = getLength(data, p);
if (rlen === false) {
return false;
}
var r = data.slice(p.place, rlen + p.place);
p.place += rlen;
if (data[p.place++] !== 0x02) {
return false;
}
var slen = getLength(data, p);
if (slen === false) {
return false;
}
if (data.length !== slen + p.place) {
return false;
}
var s = data.slice(p.place, slen + p.place);
if (r[0] === 0 && (r[1] & 0x80)) {
r = r.slice(1);
if (r[0] === 0) {
if (r[1] & 0x80) {
r = r.slice(1);
} else {
// Leading zeroes
return false;
}
}
if (s[0] === 0 && (s[1] & 0x80)) {
s = s.slice(1);
if (s[0] === 0) {
if (s[1] & 0x80) {
s = s.slice(1);
} else {
// Leading zeroes
return false;
}
}

this.r = new BN(r);
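Review bot: The new `val <= 0x7f` check in getLength rejects a long-form length only when its value would fit the short form, so a long-form length padded with a leading zero octet (for example the two length octets `0x00 0x80` where a single `0x80` suffices) still decodes, and one signature keeps more than one accepted encoding. Rejecting a zero first length octet before the loop would close that gap, e.g. `if (buf[p.place] === 0x00) { return false; }`. The `octetLen > 4` guard is also evaluated after `initial & 0xf`, which discards bits 4–6 of the length-of-length field, so first bytes such as 0x91 and 0x81 are handled identically; masking with `0x7f` instead would let the guard see the full count. getLength's opening lines are outside the hunk, so this reading relies on the signature in the hunk header and the visible part of the body.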