feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3386 from ejohnstown/dh-maint

Browse Source 
Fuzz Fix
This commit is contained in:
David Garske
2020-10-13 15:47:11 -07:00
committed by GitHub
parent b68828d3c9 422683f4c3
commit 232028d03b
1 changed files with 44 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/internal.c
View File

@@ -21151,22 +21151,25 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
int group = 0; int group = 0;
#endif #endif
ssl->buffers.weOwnDH = 1; if (ssl->buffers.weOwnDH) {
if (ssl->buffers.serverDH_P.buffer) { if (ssl->buffers.serverDH_P.buffer) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL; ssl->buffers.serverDH_P.buffer = NULL;
} }
if (ssl->buffers.serverDH_G.buffer) { if (ssl->buffers.serverDH_G.buffer) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL; ssl->buffers.serverDH_G.buffer = NULL;
} }
if (ssl->buffers.serverDH_Pub.buffer) { if (ssl->buffers.serverDH_Pub.buffer) {
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_Pub.buffer = NULL; ssl->buffers.serverDH_Pub.buffer = NULL;
} }
}
/* p */ /* p */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) { if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
@@ -21208,6 +21211,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
/* g */ /* g */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) { if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk); ERROR_OUT(BUFFER_ERROR, exit_gdpk);
} }
@@ -21215,6 +21221,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
args->idx += OPAQUE16_LEN; args->idx += OPAQUE16_LEN;
if ((args->idx - args->begin) + length > size) { if ((args->idx - args->begin) + length > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk); ERROR_OUT(BUFFER_ERROR, exit_gdpk);
} }
@@ -21224,6 +21233,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
ssl->buffers.serverDH_G.length = length; ssl->buffers.serverDH_G.length = length;
} }
else { else {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
ERROR_OUT(MEMORY_ERROR, exit_gdpk); ERROR_OUT(MEMORY_ERROR, exit_gdpk);
} }
@@ -21233,6 +21245,12 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
/* pub */ /* pub */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) { if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk); ERROR_OUT(BUFFER_ERROR, exit_gdpk);
} }
@@ -21240,6 +21258,12 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
args->idx += OPAQUE16_LEN; args->idx += OPAQUE16_LEN;
if ((args->idx - args->begin) + length > size) { if ((args->idx - args->begin) + length > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk); ERROR_OUT(BUFFER_ERROR, exit_gdpk);
} }
@@ -21249,11 +21273,18 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
ssl->buffers.serverDH_Pub.length = length; ssl->buffers.serverDH_Pub.length = length;
} }
else { else {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(MEMORY_ERROR, exit_gdpk); ERROR_OUT(MEMORY_ERROR, exit_gdpk);
} }
XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx, XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx,
length); length);
ssl->buffers.weOwnDH = 1;
args->idx += length; args->idx += length;
#ifdef HAVE_FFDHE #ifdef HAVE_FFDHE