Address buffer underflow, thanks to J.S. for the report on ZD10580

2020-07-23 12:20:41 -06:00
parent e198f6e73b
commit 3c5c0f88d4
1 changed files with 16 additions and 3 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -10555,11 +10555,24 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 #ifndef NO_WOLFSSL_SKIP_TRAILING_PAD
                #ifndef NO_DES3
                    if (info->cipherType == WC_CIPHER_DES3) {
+                        /* Assuming there is padding:
+                         *      (der->length > 0 &&
+                         *       (der->length % DES_BLOCK_SIZE) != 0)
+                         * and assuming the last value signifies the number of
+                         * padded bytes IE if last value is 0x08 then there are
+                         * 8 bytes of padding:
+                         *      padVal = der->buffer[der->length-1];
+                         * then strip this padding before proceeding:
+                         * der->length -= padVal;
+                         */
+                        if (der->length > 0 &&
+                            (der->length % DES_BLOCK_SIZE) != 0) {
                            padVal = der->buffer[der->length-1];
                            if (padVal <= DES_BLOCK_SIZE) {
                                der->length -= padVal;
                            }
                        }
+                    }
                #endif /* !NO_DES3 */
 #endif /* !NO_WOLFSSL_SKIP_TRAILING_PAD */
                }