From e851bf2d90d766663248e803edd5662ae23d94cf Mon Sep 17 00:00:00 2001
From: Markeryang <747675909@qq.com>
Date: Tue, 4 Aug 2020 17:46:11 +0800
Subject: [PATCH] fix CVE-2020-13757 fix CVE-2020-13757

---
 0001-Fix-CVE-2020-13757.patch | 48 +++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 0001-Fix-CVE-2020-13757.patch

diff --git a/0001-Fix-CVE-2020-13757.patch b/0001-Fix-CVE-2020-13757.patch
new file mode 100644
index 0000000..1cc36b4
--- /dev/null
+++ b/0001-Fix-CVE-2020-13757.patch
@@ -0,0 +1,48 @@
+From 93af6f2f89a9bf28361e67716c4240e691520f30 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
+Date: Wed, 3 Jun 2020 14:39:23 +0200
+Subject: [PATCH] Fix CVE-2020-13757: detect cyphertext modifications by
+ prepending zero bytes
+
+Reject cyphertexts that have been modified by prepending zero bytes, by
+checking the cyphertext length against the expected size (given the
+decryption key). This resolves CVE-2020-13757.
+
+The same approach is used when verifying a signature.
+
+Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
+---
+ rsa/pkcs1.py        |  9 +++++++++
+ 1 files changed, 9 insertions(+)
+
+diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
+index 28f0dc5..cdf830b 100644
+--- a/rsa/pkcs1.py
++++ b/rsa/pkcs1.py
+@@ -232,6 +232,12 @@ def decrypt(crypto, priv_key):
+     decrypted = priv_key.blinded_decrypt(encrypted)
+     cleartext = transform.int2bytes(decrypted, blocksize)
+ 
++    # Detect leading zeroes in the crypto. These are not reflected in the
++    # encrypted value (as leading zeroes do not influence the value of an
++    # integer). This fixes CVE-2020-13757.
++    if len(crypto) > blocksize:
++        raise DecryptionError('Decryption failed')
++
+     # If we can't find the cleartext marker, decryption failed.
+     if cleartext[0:2] != b('\x00\x02'):
+         raise DecryptionError('Decryption failed')
+@@ -310,6 +316,9 @@ def verify(message, signature, pub_key):
+     cleartext = HASH_ASN1[method_name] + message_hash
+     expected = _pad_for_signing(cleartext, keylength)
+ 
++    if len(signature) != keylength:
++        raise VerificationError('Verification failed')
++
+     # Compare with the signed one
+     if expected != clearsig:
+         raise VerificationError('Verification failed')
+ 
+-- 
+1.8.3.1
+