From d6bd999c820317b742d02b4297e7619d126d9203 Mon Sep 17 00:00:00 2001 From: Jesper Louis Andersen Date: Tue, 15 Jun 2021 13:05:48 +0200 Subject: [PATCH] sign_verify_detached: guard against size The code didn't properly do a size check on a detached signature. Now it does. While here, fix a problem with EQC tests, for the same piece of code. --- c_src/sign.c | 4 ++++ eqc_test/enacl_eqc.erl | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/c_src/sign.c b/c_src/sign.c index 292e31c..fb06203 100644 --- a/c_src/sign.c +++ b/c_src/sign.c @@ -468,6 +468,10 @@ enacl_crypto_sign_verify_detached(ErlNifEnv *env, int argc, return enif_make_badarg(env); } + if (sig.size != crypto_sign_BYTES) { + return enif_make_badarg(env); + } + if (pk.size != crypto_sign_PUBLICKEYBYTES) { return enif_make_badarg(env); } diff --git a/eqc_test/enacl_eqc.erl b/eqc_test/enacl_eqc.erl index 38464b4..6093a5b 100644 --- a/eqc_test/enacl_eqc.erl +++ b/eqc_test/enacl_eqc.erl @@ -419,7 +419,7 @@ signed_message(M) -> ?FAULT(signed_message_bad(), signed_message_good(M)). signed_message_d(M) -> - ?FAULT(signed_message_bad(), signed_message_good(M)). + ?FAULT(signed_message_bad_d(), signed_message_good_d(M)). signed_message_valid({valid, _}, _) -> true; signed_message_valid({invalid, _}, _) -> true;