feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #7099 from jpbland1/tls13-bounds-check

Browse Source 
TLS13 padding bounds check
This commit is contained in:
Daniel Pouzzner
2024-01-04 01:09:36 -05:00
committed by GitHub
parent bcfaf0372c b37716f5ce
commit 9db20774d8
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/internal.c
View File

@@ -21160,11 +21160,11 @@ default:
ssl->keys.decryptedCur = 1; ssl->keys.decryptedCur = 1;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) { if (ssl->options.tls1_3) {
/* end of plaintext */ word32 i = (ssl->buffers.inputBuffer.idx +
word16 i = (word16)(ssl->buffers.inputBuffer.idx +
ssl->curSize - ssl->specs.aead_mac_size); ssl->curSize - ssl->specs.aead_mac_size);
/* check that the end of the logical length doesn't extend
if (i > ssl->buffers.inputBuffer.length) { * past the real buffer */
if (i > ssl->buffers.inputBuffer.length || i == 0) {
WOLFSSL_ERROR(BUFFER_ERROR); WOLFSSL_ERROR(BUFFER_ERROR);
return BUFFER_ERROR; return BUFFER_ERROR;
} }