From 52893877d7519b52d5bf1daf133690b2d8fc6fda Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Wed, 18 Dec 2019 13:25:25 -0600
Subject: [PATCH] Fixes from review

---
 src/tls.c              |  2 +-
 tests/api.c            | 17 +++++++++++------
 wolfcrypt/src/pkcs12.c |  7 ++++---
 wolfcrypt/src/pkcs7.c  |  3 +++
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 0aa7ebf2f..ff73f2899 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2617,7 +2617,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                     return BUFFER_ERROR;
                 ato16(input + offset, &idSz);
                 offset += OPAQUE16_LEN;
-                if (idSz > length - offset)
+                if ((offset > length) || (idSz > length - offset))
                     return BUFFER_ERROR;
                 id = input + offset;
                 offset += idSz;
diff --git a/tests/api.c b/tests/api.c
index 147343db9..33f836ef6 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -21737,7 +21737,7 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
     WOLFSSL_ASN1_TIME *asn_time, *s;
     int offset_day;
     long offset_sec;
-    char date_str[CTC_DATE_SIZE];
+    char date_str[CTC_DATE_SIZE + 1];
     time_t t;
 
     printf(testingFmt, "wolfSSL_ASN1_TIME_adj()");
@@ -21752,14 +21752,16 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
     /* offset_sec = -45 * min;*/
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)-1);
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
 
     /* negative offset */
     offset_sec = -45 * mini;
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)-1);
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
 
     XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -21776,7 +21778,8 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
         offset_sec = 10 * mini;
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_gen_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)-1);
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
 
     XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -21791,13 +21794,15 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
     offset_sec = 45 * mini;
     asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)-1);
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
     XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
 
     asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
     AssertTrue(asn_time->type == asn_utc_time);
-    XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)-1);
+    XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
+    date_str[CTC_DATE_SIZE] = '\0';
     AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
     XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
 
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index 507a3c270..bd27fdd46 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -768,10 +768,11 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
                 byte ar[MAX_LENGTH_SZ + 2];
                 tmpSz = SetShortInt(ar, &tmpIdx, mac->itt, MAX_LENGTH_SZ + 2);
                 if (tmpSz < 0) {
-                    WOLFSSL_MSG("Error returned by SetShortInt");
-                    return tmpSz;
+                    ret = tmpSz;
+                }
+                else {
+                    XMEMCPY(&sdBuf[idx], ar, tmpSz);
                 }
-                XMEMCPY(&sdBuf[idx], ar, tmpSz);
             }
 
             totalSz += sdBufSz;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index a8233e06a..1b4c1fefc 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -3504,6 +3504,9 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
         digestSz = wc_HashGetDigestSize(hashType);
         if (digestSz < 0) {
             WOLFSSL_MSG("Invalid hash type");
+#ifdef WOLFSSL_SMALL_STACK
+            XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
             return digestSz;
         }
     } else {