From d4a3d61ff523678c646dbe93c2c7759e9076ab14 Mon Sep 17 00:00:00 2001 From: Jim Wigginton Date: Mon, 11 Jul 2011 00:02:53 +0000 Subject: [PATCH] - improved handling of malformed RSA keys (thanks scope_v24!) git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@171 21d32557-59b3-4da0-833f-c5933fad653e --- phpseclib/Crypt/RSA.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index a487e420..eee09fab 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -768,6 +768,10 @@ class Crypt_RSA { */ function _parseKey($key, $type) { + if ($type != CRYPT_RSA_PUBLIC_FORMAT_RAW && !is_string($key)) { + return false; + } + switch ($type) { case CRYPT_RSA_PUBLIC_FORMAT_RAW: if (!is_array($key)) { @@ -800,7 +804,7 @@ class Crypt_RSA { case isset($key[1]): $components['modulus'] = $key[1]->copy(); } - return $components; + return isset($components['modulus']) && isset($components['publicExponent']) ? $components : false; case CRYPT_RSA_PRIVATE_FORMAT_PKCS1: case CRYPT_RSA_PUBLIC_FORMAT_PKCS1: /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is @@ -989,12 +993,21 @@ class Crypt_RSA { $cleanup = substr($key, 0, 11) == "\0\0\0\7ssh-rsa"; + if (strlen($key) <= 4) { + return false; + } extract(unpack('Nlength', $this->_string_shift($key, 4))); $publicExponent = new Math_BigInteger($this->_string_shift($key, $length), -256); + if (strlen($key) <= 4) { + return false; + } extract(unpack('Nlength', $this->_string_shift($key, 4))); $modulus = new Math_BigInteger($this->_string_shift($key, $length), -256); if ($cleanup && strlen($key)) { + if (strlen($key) <= 4) { + return false; + } extract(unpack('Nlength', $this->_string_shift($key, 4))); return array( 'modulus' => new Math_BigInteger($this->_string_shift($key, $length), -256),
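Review bot: In the raw-format branch of `_parseKey` (hunk `@@ -800,7 +804,7 @@`), the new return only tests that both entries are set, while the context lines just above it still call `$key[1]->copy()` on a caller-supplied array element with no type check. If a malformed raw key carries a non-object in that slot, the method call would presumably fail with a fatal error before the new `isset()` test is reached, so this input still does not produce a clean `false`. A guard such as `if (!is_object($key[1])) { return false; }` ahead of the `copy()` call would cover it. The `switch` that fills `$components` begins outside this hunk, so its other `case` arms should be checked for the same pattern.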
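Review bot: In the OpenSSH public-key branch (hunk `@@ -989,12 +993,21 @@`), the three added `strlen($key) <= 4` checks confirm that a length prefix can be read, but the decoded `$length` is never compared with the number of bytes that remain. A truncated or malformed blob that declares a longer field than it carries is still passed to `_string_shift($key, $length)`, which appears to return whatever is left, so a shortened exponent or modulus can be accepted as a valid key. After each `extract(unpack('Nlength', ...))`, add `if ($length < 0 || $length > strlen($key)) { return false; }`; the `< 0` part covers 32-bit builds, where an unsigned `N` value with the high bit set is returned as a negative integer. The enclosing `case` starts before this hunk and the returned array continues past it.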