diff options
| author | Filippo Valsorda <hi@filippo.io> | 2016-01-21 20:17:37 +0000 |
|---|---|---|
| committer | Filippo Valsorda <hi@filippo.io> | 2016-01-21 20:17:37 +0000 |
| commit | 032f2326268ae810343c5a083e048f361f7a2074 (patch) | |
| tree | 264c7d7fde6b7ce9bf96d20cc5eb9e3bf7ad51b4 /youtube_dl | |
| parent | 6b45f9aba2dad6e965ab51b4d18f4bb05336eaf1 (diff) | |
| parent | 4d318be1951d6bbae0eae7aff69a58de353c8337 (diff) | |
| download | youtube-dl-032f2326268ae810343c5a083e048f361f7a2074.tar.xz | |
Merge pull request #8142 from FiloSottile/filippo/updates
[update] fix (unexploitable) BB'06 vulnerability in rsa_verify
Diffstat (limited to 'youtube_dl')
| -rw-r--r-- | youtube_dl/update.py | 32 |
1 files changed, 8 insertions, 24 deletions
diff --git a/youtube_dl/update.py b/youtube_dl/update.py index 995b8ed96..e4a1aaa64 100644 --- a/youtube_dl/update.py +++ b/youtube_dl/update.py @@ -15,33 +15,17 @@ from .version import __version__ def rsa_verify(message, signature, key): - from struct import pack from hashlib import sha256 - assert isinstance(message, bytes) - block_size = 0 - n = key[0] - while n: - block_size += 1 - n >>= 8 - signature = pow(int(signature, 16), key[1], key[0]) - raw_bytes = [] - while signature: - raw_bytes.insert(0, pack("B", signature & 0xFF)) - signature >>= 8 - signature = (block_size - len(raw_bytes)) * b'\x00' + b''.join(raw_bytes) - if signature[0:2] != b'\x00\x01': - return False - signature = signature[2:] - if b'\x00' not in signature: - return False - signature = signature[signature.index(b'\x00') + 1:] - if not signature.startswith(b'\x30\x31\x30\x0D\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'): - return False - signature = signature[19:] - if signature != sha256(message).digest(): + byte_size = (len(bin(key[0])) - 2 + 8 - 1) // 8 + signature = ('%x' % pow(int(signature, 16), key[1], key[0])).encode() + signature = (byte_size * 2 - len(signature)) * b'0' + signature + asn1 = b'3031300d060960864801650304020105000420' + asn1 += sha256(message).hexdigest().encode() + if byte_size < len(asn1) // 2 + 11: return False - return True + expected = b'0001' + (byte_size - len(asn1) // 2 - 3) * b'ff' + b'00' + asn1 + return expected == signature def update_self(to_screen, verbose, opener): |