placeholder

Hasnain says:

Terrible bug aside, this was a great postmortem and actionable set of follow-ups.

inb4 rust rewrite though.

"The maximum size signature that this structure can handle is whatever the largest union member is, in this case that’s RSA at 2048 bytes. That’s 16384 bits, large enough to accommodate signatures from even the most ridiculously oversized keys.

Okay, but what happens if you just....make a signature that’s bigger than that?

Well, it turns out the answer is memory corruption. Yes, really.

The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data."

Posted on 2021-12-02T02:53:26+0000