From d51715db728d99954219cc42b013db6e48db65c0 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Tue, 19 Aug 2014 19:20:22 +0200
Subject: [PATCH] pkcs#1 v1.5 decode: fix missing check of PS length in EMSA
 mode

---
 src/pk/pkcs1/pkcs_1_v1_5_decode.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/pk/pkcs1/pkcs_1_v1_5_decode.c b/src/pk/pkcs1/pkcs_1_v1_5_decode.c
index a073da9..5afbb80 100644
--- a/src/pk/pkcs1/pkcs_1_v1_5_decode.c
+++ b/src/pk/pkcs1/pkcs_1_v1_5_decode.c
@@ -65,9 +65,8 @@ int pkcs_1_v1_5_decode(const unsigned char *msg,
     }
     ps_len = i++ - 2;
 
-    if ((i >= modulus_len) || (ps_len < 8)) {
-      /* There was no octet with hexadecimal value 0x00 to separate ps from m,
-       * or the length of ps is less than 8 octets.
+    if (i >= modulus_len) {
+      /* There was no octet with hexadecimal value 0x00 to separate ps from m.
        */
       result = CRYPT_INVALID_PACKET;
       goto bail;
@@ -87,6 +86,14 @@ int pkcs_1_v1_5_decode(const unsigned char *msg,
     ps_len = i - 2;
   }
 
+  if (ps_len < 8)
+  {
+    /* The length of ps is less than 8 octets.
+     */
+    result = CRYPT_INVALID_PACKET;
+    goto bail;
+  }
+
   if (*outlen < (msglen - (2 + ps_len + 1))) {
     *outlen = msglen - (2 + ps_len + 1);
     result = CRYPT_BUFFER_OVERFLOW;