prevent buffer overflows if sigSz > MAX_ENCODED_SIG_SZ

2016-02-24 16:08:54 -07:00
parent 4858a65984
commit 16dac5597f
1 changed files with 3 additions and 5 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -3586,14 +3586,12 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
                break; /* not confirmed */
            }
 #endif
-
-            if (sigSz > MAX_ENCODED_SIG_SZ) {
-                WOLFSSL_MSG("Verify Signature is too big");
-            }
-
            if (wc_InitRsaKey(pubKey, heap) != 0) {
                WOLFSSL_MSG("InitRsaKey failed");
            }
+            else if (sigSz > MAX_ENCODED_SIG_SZ) {
+                WOLFSSL_MSG("Verify Signature is too big");
+            }
            else if (wc_RsaPublicKeyDecode(key, &idx, pubKey, keySz) < 0) {
                WOLFSSL_MSG("ASN Key decode error RSA");
            }