wo#7449 . verify padding contents for IKEv2 RSA sig check

Special thanks to Sze Yiu Chau of Purdue University ([email protected])
who reported the issue.

Author: bartman

lib/liboswkeys/signatures.c

@@ -157,8 +157,21 @@ err_t verify_signed_hash(const struct RSA_public_key *k
 	return "3""SIG padding does not check out";
     }
 
-    s += padlen + 3;
-    (*psig) = s;
+    /* signature starts after ASN wrapped padding [00,01,FF..FF,00] */
+    (*psig) = s + padlen + 3;
+
+    /* verify padding contents */
+    {
+        const u_char *p;
+        size_t cnt_ffs = 0;
+
+        for (p = s+2; p < s+padlen+2; p++)
+            if (*p == 0xFF)
+                cnt_ffs ++;
+
+        if (cnt_ffs != padlen)
+            return "4" "invalid Padding String";
+    }
 
     /* return SUCCESS */
     return NULL;