From 6f1e5383da466d292f086a4140b726d6f54b1969 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 13 Feb 2018 10:29:23 -0700 Subject: [PATCH 1/2] check on verify depth for certificates with opensslextra --- src/internal.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/src/internal.c b/src/internal.c index 9ff1a36d8..fdb36d615 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7964,12 +7964,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* allocate buffer for certs */ - args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH, + args->certs = (buffer*)XMALLOC(sizeof(buffer) * ssl->verifyDepth, ssl->heap, DYNAMIC_TYPE_DER); if (args->certs == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } - XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH); + XMEMSET(args->certs, 0, sizeof(buffer) * ssl->verifyDepth); /* Certificate List */ if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { @@ -7990,16 +7990,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, while (listSz) { word32 certSz; - #ifdef OPENSSL_EXTRA - if (args->totalCerts > ssl->verifyDepth) { - ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; - ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); - } - #else if (args->totalCerts >= ssl->verifyDepth) { + #ifdef OPENSSL_EXTRA + ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; + #endif ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); } - #endif if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { ERROR_OUT(BUFFER_ERROR, exit_ppc); From 2e15842ef214e3d418bac1f33eeea45e36a5149c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 14 Feb 2018 10:01:22 -0700 Subject: [PATCH 2/2] revert verify depth check and increase array size to account for possible cert index --- src/internal.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/src/internal.c b/src/internal.c index fdb36d615..c462742fb 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7964,13 +7964,21 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* allocate buffer for certs */ - args->certs = (buffer*)XMALLOC(sizeof(buffer) * ssl->verifyDepth, + #ifdef OPENSSL_EXTRA + args->certs = (buffer*)XMALLOC(sizeof(buffer) * + (ssl->verifyDepth + 1), ssl->heap, DYNAMIC_TYPE_DER); + if (args->certs == NULL) { + ERROR_OUT(MEMORY_E, exit_ppc); + } + XMEMSET(args->certs, 0, sizeof(buffer) * (ssl->verifyDepth + 1)); + #else + args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH, ssl->heap, DYNAMIC_TYPE_DER); if (args->certs == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } - XMEMSET(args->certs, 0, sizeof(buffer) * ssl->verifyDepth); - + XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH); + #endif /* OPENSSL_EXTRA */ /* Certificate List */ if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { ERROR_OUT(BUFFER_ERROR, exit_ppc); @@ -7990,12 +7998,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, while (listSz) { word32 certSz; - if (args->totalCerts >= ssl->verifyDepth) { #ifdef OPENSSL_EXTRA + if (args->totalCerts > ssl->verifyDepth) { ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; - #endif ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); } + #else + if (args->totalCerts >= ssl->verifyDepth || + args->totalCerts >= MAX_CHAIN_DEPTH) { + ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); + } + #endif if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { ERROR_OUT(BUFFER_ERROR, exit_ppc);