sanity check on pem size

2021-11-19 13:55:03 -07:00
parent ca72beb688
commit 5d49847147
1 changed files with 17 additions and 11 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -43032,10 +43032,11 @@ cleanup:
            return NULL;
        }

-        pem = (unsigned char*)XMALLOC(l, 0, DYNAMIC_TYPE_PEM);
+        pemSz = (int)l;
+        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
        if (pem == NULL)
            return NULL;
-        XMEMSET(pem, 0, l);
+        XMEMSET(pem, 0, pemSz);

        i = 0;
        if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
@@ -43069,15 +43070,20 @@ cleanup:
    #else
        (void)l;
    #endif
-        pemSz = (int)i;
-    #ifdef WOLFSSL_CERT_REQ
-        if (type == CERTREQ_TYPE)
-            x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
-                                                        WOLFSSL_FILETYPE_PEM);
-        else
-    #endif
-            x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
-                                                        WOLFSSL_FILETYPE_PEM);
+        if (i > pemSz) {
+            WOLFSSL_MSG("Error parsing PEM");
+        }
+        else {
+            pemSz = (int)i;
+        #ifdef WOLFSSL_CERT_REQ
+            if (type == CERTREQ_TYPE)
+                x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
+                                                          WOLFSSL_FILETYPE_PEM);
+            else
+        #endif
+                x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
+                                                          WOLFSSL_FILETYPE_PEM);
+        }

        if (x != NULL) {
            *x = x509;