[gnutls-dev] [PATCH] another large RSA modulus problem

Ian Peters itp@ximian.com
Tue Apr 1 00:28:01 2003



The same Thawte certificate as last time (with a 2048 byte signature
length) triggers a new problem in lib/x509/x509.c.  Patch bumps length
from 640 to 2400.  Should this just be MAX_PARAMETER_SIZE instead?

Also, any particular reason you're overestimating sizes like this?  In
most of these cases you can assume powers of two, so, why e.g. 640
instead of 512, etc?

Ian

Content-Disposition: inline; filename=gnutls-0.9.4-2048-byte-signature.patch

diff -Nru -x '*~' -x '*.o' -x '*.orig' -x '*.rej' gnutls-0.9.4.orig/lib/x509/x509.c gnutls-0.9.4/lib/x509/x509.c
--- gnutls-0.9.4.orig/lib/x509/x509.c	2003-03-28 07:29:12.000000000 -0500
+++ gnutls-0.9.4/lib/x509/x509.c	2003-03-31 17:15:01.000000000 -0500
@@ -207,7 +207,7 @@
 	
 	/* Read the signature */
 	{
-		opaque signature[640];
+		opaque signature[2400];
 		int len;
 		
 		/* read the bit string of the signature
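
Review bot: The `opaque signature[2400];` declaration in the "Read the signature" block swaps one bare literal for another, so any certificate whose signature exceeds the new size will fail the same way. Prefer a named constant here (MAX_PARAMETER_SIZE, as the message asks, if it covers the largest modulus the library accepts) so this buffer stays in step with the other limits. The hunk also does not show how `len` is set before the read; please confirm it is initialised from `sizeof(signature)` rather than a separate literal, so the read stays bounded by the buffer after the resize and an oversized signature is rejected with an error instead of being truncated.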
