Fix CVE-2010-1633 and CVE-2010-0742.

author: Dr. Stephen Henson <steve@openssl.org> 2010-06-01 13:17:06 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-06-01 13:17:06 +0000
commit: 618265e64540307f0d1764208b9c048702df9b59 (patch)
tree: 299b509bba4ff371dbe57becdebeedd5ee49c735 /crypto/rsa
parent: 9728978b752863aa4035a537bd979fde0aa1bfc7 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 297e17cdcf..c6892ecd09 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
 			ret = int_rsa_verify(EVP_MD_type(rctx->md),
 						NULL, 0, rout, &sltmp,
 					sig, siglen, ctx->pkey->pkey.rsa);
+			if (ret <= 0)
+				return 0;
 			ret = sltmp;
 			}
 		else
author	Dr. Stephen Henson <steve@openssl.org>	2010-06-01 13:17:06 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-06-01 13:17:06 +0000
commit	618265e64540307f0d1764208b9c048702df9b59 (patch)
tree	299b509bba4ff371dbe57becdebeedd5ee49c735 /crypto/rsa
parent	9728978b752863aa4035a537bd979fde0aa1bfc7 (diff)