feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

always use MAX_CHAIN_DEPTH for args->certs buffer

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-02-12 15:18:14 +07:00
parent 90140fc5a4
commit 0938a0055d
1 changed files with 8 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/internal.c
View File

@ -10841,21 +10841,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif #endif
/* allocate buffer for certs */ /* allocate buffer for certs */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
args->certs = (buffer*)XMALLOC(sizeof(buffer) *
(ssl->verifyDepth + 1), ssl->heap, DYNAMIC_TYPE_DER);
if (args->certs == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
XMEMSET(args->certs, 0, sizeof(buffer) * (ssl->verifyDepth + 1));
#else
args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH, args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
ssl->heap, DYNAMIC_TYPE_DER); ssl->heap, DYNAMIC_TYPE_DER);
if (args->certs == NULL) { if (args->certs == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc); ERROR_OUT(MEMORY_E, exit_ppc);
} }
XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH); XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH);
#endif /* OPENSSL_EXTRA */
/* Certificate List */ /* Certificate List */
if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) {
@ -10878,10 +10869,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (args->totalCerts > ssl->verifyDepth) { if (args->totalCerts >= MAX_CHAIN_DEPTH) {
ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
ret = MAX_CHAIN_ERROR; ret = MAX_CHAIN_ERROR;
break; /* break out to do certificate verify callback */ WOLFSSL_MSG("Too many certs for MAX_CHAIN_DEPTH");
break; /* break out to avoid reading more certs then buffer
* can hold */
} }
#else #else
if (args->totalCerts >= ssl->verifyDepth || if (args->totalCerts >= ssl->verifyDepth ||
@ -11122,15 +11115,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
(void)doCrlLookup; (void)doCrlLookup;
} }
#endif /* HAVE_OCSP || HAVE_CRL */ #endif /* HAVE_OCSP || HAVE_CRL */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (ret == 0 && if (ret == 0 &&
/* extend the limit "+1" until reaching /* extend the limit "+1" until reaching
* an ultimately trusted issuer.*/ * an ultimately trusted issuer.*/
args->count > (ssl->verifyDepth + 1)) { args->count > (ssl->verifyDepth + 1)) {
ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
ret = MAX_CHAIN_ERROR; ret = MAX_CHAIN_ERROR;
} }
#endif #endif
/* Do verify callback */ /* Do verify callback */
ret = DoVerifyCallback(ssl->ctx->cm, ssl, ret, args); ret = DoVerifyCallback(ssl->ctx->cm, ssl, ret, args);
if (ssl->options.verifyNone && if (ssl->options.verifyNone &&