Commit - go-fedora - 2017d88dbc096381d4f348d2fb08bfb3c2b7ed73

go-fedora

`2017d88` [release-branch.go1.12-security] crypto/dsa: prevent bad public keys from causing panic

Authored and Committed by Katie Hockman 4 years ago

raw patch tree parent

1 file changed. 3 lines added. 0 lines removed.

    [release-branch.go1.12-security] crypto/dsa: prevent bad public keys from causing panic
    
    dsa.Verify might currently use a nil s inverse in a
    multiplication if the public key contains a non-prime Q,
    causing a panic. Change this to check that the mod
    inverse exists before using it.
    
    Fixes CVE-2019-17596
    
    Change-Id: I94d5f3cc38f1b5d52d38dcb1d253c71b7fd1cae7
    Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/572809
    Reviewed-by: Filippo Valsorda <valsorda@google.com>
    (cherry picked from commit 9119dfb0511326d4485b248b83d4fde19c95d0f7)
    Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575232

src/crypto/dsa/dsa.go

file modified

+3 -0

go-fedora

Source Code

2017d88 [release-branch.go1.12-security] crypto/dsa: prevent bad public keys from causing panic

Authored and Committed by Katie Hockman 4 years ago

`2017d88` [release-branch.go1.12-security] crypto/dsa: prevent bad public keys from causing panic