personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-02-15 09:14:23 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

don't panic on bad ed25519 key lengths

Browse Source
This commit is contained in:
JackDoan
2026-02-06 14:01:22 -06:00
parent f573e8a266
commit 8c828b3cae
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cert/cert_v1.go
View File

@@ -112,6 +112,9 @@ func (c *certificateV1) CheckSignature(key []byte) bool {
} }
switch c.details.curve { switch c.details.curve {
case Curve_CURVE25519: case Curve_CURVE25519:
if len(key) != ed25519.PublicKeySize {
return false //avoids a panic internal to ed25519
}
return ed25519.Verify(key, b, c.signature) return ed25519.Verify(key, b, c.signature)
case Curve_P256: case Curve_P256:
pubKey, err := ecdsa.ParseUncompressedPublicKey(elliptic.P256(), key) pubKey, err := ecdsa.ParseUncompressedPublicKey(elliptic.P256(), key)

3
cert/cert_v2.go
View File

@@ -151,6 +151,9 @@ func (c *certificateV2) CheckSignature(key []byte) bool {
switch c.curve { switch c.curve {
case Curve_CURVE25519: case Curve_CURVE25519:
if len(key) != ed25519.PublicKeySize {
return false //avoids a panic internal to ed25519
}
return ed25519.Verify(key, b, c.signature) return ed25519.Verify(key, b, c.signature)
case Curve_P256: case Curve_P256:
pubKey, err := ecdsa.ParseUncompressedPublicKey(elliptic.P256(), key) pubKey, err := ecdsa.ParseUncompressedPublicKey(elliptic.P256(), key)