From 2c8baef8f0dc257d6321b1ed55dc8ffea7e76864 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Fri, 7 Jun 2019 16:02:17 +0100 Subject: [PATCH] [Fix] Do not assert if length of sig is bad, just fail verification --- src/libcryptobox/cryptobox.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index 7cd5e1b13..4d42ddb38 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -590,8 +590,9 @@ rspamd_cryptobox_verify (const guchar *sig, bool ret = false; if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { - g_assert (siglen == rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); - ret = ed25519_verify (sig, m, mlen, pk); + if (siglen == rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519)) { + ret = ed25519_verify (sig, m, mlen, pk); + } } else { #ifndef HAVE_USABLE_OPENSSL -- 2.39.5