forked from wolfSSL/wolfssl
Merge pull request #3418 from cconlon/zd11003
PKCS#7: check PKCS7 VerifySignedData content length against total bundle size
This commit is contained in:
JacobBarthelmeh
GitHub
@ -4403,11 +4403,21 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
ret = ASN_PARSE_E;
|
||||
|
||||
if (ret == 0) {
|
||||
/* Use single OCTET_STRING directly. */
|
||||
if (localIdx - start + length == (word32)contentLen)
|
||||
/* Use single OCTET_STRING directly, or reset length. */
|
||||
if (localIdx - start + length == (word32)contentLen) {
|
||||
multiPart = 0;
|
||||
} else {
|
||||
/* reset length to outer OCTET_STRING for bundle size
|
||||
* check below */
|
||||
length = contentLen;
|
||||
}
|
||||
localIdx = start;
|
||||
}
|
||||
|
||||
if (ret != 0) {
|
||||
/* failed ASN1 parsing during OCTET_STRING checks */
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* get length of content in case of single part */
|
||||
@ -4425,6 +4435,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
/* support using header and footer without content */
|
||||
if (pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0) {
|
||||
localIdx = 0;
|
||||
|
||||
} else if (pkiMsg2 == NULL && hashBuf == NULL) {
|
||||
/* header/footer not separate, check content length is
|
||||
* not larger than total bundle size */
|
||||
if ((localIdx + length) > pkiMsgSz) {
|
||||
WOLFSSL_MSG("Content length detected is larger than "
|
||||
"total bundle size");
|
||||
ret = BUFFER_E;
|
||||
break;
|
||||
}
|
||||
}
|
||||
idx = localIdx;
|
||||
}
|
||||
@ -4440,7 +4460,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
if (!degenerate && !detached && ret != 0)
|
||||
break;
|
||||
|
||||
length = 0; /* no content to read */
|
||||
/* no content to read */
|
||||
length = 0;
|
||||
contentLen = 0;
|
||||
|
||||
pkiMsg2 = pkiMsg;
|
||||
pkiMsg2Sz = pkiMsgSz;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user