From 0ea57e8c7a3acec0feb67aa629716112298ed707 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 5 Jul 2012 13:58:08 +0000
Subject: [PATCH] Fixed potential memory zeroization on miscrafted RSA key
 (cherry picked from commit 3c16db9a10a3087e1611cd8ffb9ca564c0e9cf60)

Conflicts:
	ChangeLog (Moved message to 'Branch 1.1')
---
 ChangeLog     | 5 +++++
 library/rsa.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 3f1658db2..53f0add8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 PolarSSL ChangeLog
 
+= Branch 1.1
+Security
+   * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
+     Vanderbeken)
+
 = Version 1.1.4 released on 2012-05-31
 Bugfix
    * Correctly handle empty SSL/TLS packets (Found by James Yonan)
diff --git a/library/rsa.c b/library/rsa.c
index ed1f45b25..278686b94 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -646,7 +646,7 @@ int rsa_pkcs1_sign( rsa_context *ctx,
                     return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
             }
 
-            if( nb_pad < 8 )
+            if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
             *p++ = 0;