From a37808b32cb8947fd4d44ba969d8c6451148c64d Mon Sep 17 00:00:00 2001
From: Levi Rak
Date: Wed, 21 Jun 2017 17:14:20 -0600
Subject: [PATCH] Sanity checkes added
---
 src/ssl.c | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index a3bdb2973..2615b556f 100755
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4156,23 +4156,39 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 char* line = XSTRNSTR(headerEnd, encHeader, min(headerEndSz, PEM_LINE_LEN));
 if (line != NULL) {
- char* newline;
+ word32 lineSz;
 char* finish;
 word32 finishSz;
+ char* start;
 word32 startSz;
- word32 lineSz = (word32)(bufferEnd - line);
- char* start = XSTRNSTR(line, "DES", min(lineSz, PEM_LINE_LEN));
+ char* newline;
- if (start == NULL)
+ if (line >= bufferEnd) {
+ return SSL_BAD_FILE;
+ }
+
+ lineSz = (word32)(bufferEnd - line);
+ start = XSTRNSTR(line, "DES", min(lineSz, PEM_LINE_LEN));
+
+ if (start == NULL) {
 start = XSTRNSTR(line, "AES", min(lineSz, PEM_LINE_LEN));
+ }
 if (start == NULL) return SSL_BAD_FILE;
 if (info == NULL) return SSL_BAD_FILE;
+ if (start >= bufferEnd) {
+ return SSL_BAD_FILE;
+ }
+
 startSz = (word32)(bufferEnd - start);
- finish = XSTRNSTR(start, ",", min((word32)startSz, PEM_LINE_LEN));
+ finish = XSTRNSTR(start, ",", min(startSz, PEM_LINE_LEN));
 if ((start != NULL) && (finish != NULL) && (start < finish)) {
+ if (finish >= bufferEnd) {
+ return SSL_BAD_FILE;
+ }
+
 finishSz = (word32)(bufferEnd - finish);
 newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN));
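Review bot: The three added `>= bufferEnd` guards on `line`, `start` and `finish` have no comment saying what they protect. Each pointer comes from an `XSTRNSTR` call already bounded by `min(<remaining size>, PEM_LINE_LEN)`, so, assuming `XSTRNSTR` honours that length, the guards act only as defence in depth against `(word32)(bufferEnd - ptr)` wrapping to a very large size. A one-line comment on the first guard would record that, for example `/* a pointer at or past bufferEnd would make the word32 size below wrap */`. In the same block, `(start != NULL)` in `if ((start != NULL) && (finish != NULL) && (start < finish))` can no longer be false after the earlier `if (start == NULL) return SSL_BAD_FILE;`, and the `info == NULL` test does not depend on the parse, so it could sit before the first search. The computation of `headerEndSz` and the handling of `newline` are outside this hunk, so whether they get the same guard cannot be seen here.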