feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix leak when wc_PKCS7_InitWithCert is called in verify

Browse Source
This commit is contained in:
Sean Parkinson
2018-02-20 11:22:11 +10:00
parent 6dad94c0fa
commit 3dfc2d87f3
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
wolfcrypt/src/pkcs7.c
View File

@ -1844,6 +1844,9 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
byte* signedAttrib = NULL;
int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
byte degenerate;
#ifdef ASN_BER_TO_DER
byte* der;
#endif
if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0)
return BAD_FUNC_ARG;
@ -1988,8 +1991,14 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
certSz += (certIdx - idx);
}
#ifdef ASN_BER_TO_DER
der = pkcs7->der;
#endif
/* This will reset PKCS7 structure and then set the certificate */
wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
#ifdef ASN_BER_TO_DER
pkcs7->der = der;
#endif
/* iterate through any additional certificates */
if (MAX_PKCS7_CERTS > 0) {