From 67111efdad6c3fe499aaf39e7f0f0d97f9e3ac21 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 17 Feb 2018 19:41:44 +0800
Subject: limit rsa->e size to 64 bits

---
 rsa.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'rsa.c')

diff --git a/rsa.c b/rsa.c
index 7222b8d..67b90f7 100644
--- a/rsa.c
+++ b/rsa.c
@@ -68,6 +68,12 @@ int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
 		goto out;
 	}
 
+	/* 64 bit is limit used by openssl, so we won't block any keys in the wild */
+	if (mp_count_bits(key->e) > 64) {
+		dropbear_log(LOG_WARNING, "RSA key bad e");
+		goto out;
+	}
+
 	TRACE(("leave buf_get_rsa_pub_key: success"))
 	ret = DROPBEAR_SUCCESS;
 out:
-- 
cgit v1.2.3