feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for loading certificate DER chain longer than 2 deep. Fix to properly trap BUFFER_E in ProcessUserChain. ZD14048.

Browse Source
This commit is contained in:
David Garske
2022-06-16 16:19:37 -07:00
parent 8f7db87f01
commit 128ebf54e9
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/ssl.c
View File

@ -5622,7 +5622,8 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
cnt++; cnt++;
#endif #endif
if ((idx + part->length + CERT_HEADER_SZ) > bufferSz) { if ((idx + part->length + CERT_HEADER_SZ) > bufferSz) {
WOLFSSL_MSG(" Cert Chain bigger than buffer"); WOLFSSL_MSG(" Cert Chain bigger than buffer. "
"Consider increasing MAX_CHAIN_DEPTH");
ret = BUFFER_E; ret = BUFFER_E;
} }
else { else {
@ -5636,9 +5637,12 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
} }
/* add CA's to certificate manager */ /* add CA's to certificate manager */
if (type == CA_TYPE) { if (ret == 0 && type == CA_TYPE) {
/* verify CA unless user set to no verify */ /* verify CA unless user set to no verify */
ret = AddCA(ctx->cm, &part, WOLFSSL_USER_CA, verify); ret = AddCA(ctx->cm, &part, WOLFSSL_USER_CA, verify);
if (ret == WOLFSSL_SUCCESS) {
ret = 0; /* converted success case */
}
gotOne = 0; /* don't exit loop for CA type */ gotOne = 0; /* don't exit loop for CA type */
} }
} }