feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1370 from JacobBarthelmeh/Testing

Browse Source 
check on verify depth for certificates with opensslextra
This commit is contained in:
toddouska
2018-02-14 16:29:25 -08:00
committed by GitHub
parent 9ff97997a6 2e15842ef2
commit ad1fc26d4e
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/internal.c
View File

@ -7964,13 +7964,21 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif
/* allocate buffer for certs */
#ifdef OPENSSL_EXTRA
args->certs = (buffer*)XMALLOC(sizeof(buffer) *
(ssl->verifyDepth + 1), ssl->heap, DYNAMIC_TYPE_DER);
if (args->certs == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
XMEMSET(args->certs, 0, sizeof(buffer) * (ssl->verifyDepth + 1));
#else
args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
ssl->heap, DYNAMIC_TYPE_DER);
if (args->certs == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH);
#endif /* OPENSSL_EXTRA */
/* Certificate List */
if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) {
ERROR_OUT(BUFFER_ERROR, exit_ppc);
@ -7996,7 +8004,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc);
}
#else
if (args->totalCerts >= ssl->verifyDepth) {
if (args->totalCerts >= ssl->verifyDepth ||
args->totalCerts >= MAX_CHAIN_DEPTH) {
ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc);
}
#endif