forked from wolfSSL/wolfssl
PKCS#7: fix use after free in wc_DecodeKtri
This commit is contained in:
Chris Conlon
@@ -2600,13 +2600,12 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
|||||||
}
|
}
|
||||||
wc_FreeRsaKey(privKey);
|
wc_FreeRsaKey(privKey);
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
||||||
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (keySz <= 0 || outKey == NULL) {
|
if (keySz <= 0 || outKey == NULL) {
|
||||||
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
return keySz;
|
return keySz;
|
||||||
} else {
|
} else {
|
||||||
*decryptedKeySz = keySz;
|
*decryptedKeySz = keySz;
|
||||||
@@ -2614,6 +2613,11 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
|||||||
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user