feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

PKCS7 fix for double free on error case and sanity check on set serial number (#4356)

Browse Source 
* check for error value on set serial number

* set pointer in fail case
This commit is contained in:
JacobBarthelmeh
2021-09-02 06:13:35 +07:00
committed by GitHub
parent d23b0784b3
commit bac0497c35
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
wolfcrypt/src/pkcs7.c
View File

@ -5713,6 +5713,8 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari)
ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId);
if (ret != 0) { if (ret != 0) {
XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7); XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7);
kari->senderKeyExportSz = 0;
kari->senderKeyExport = NULL;
return ret; return ret;
} }
@ -5721,6 +5723,8 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari)
ret = wc_InitRng_ex(&rng, kari->heap, kari->devId); ret = wc_InitRng_ex(&rng, kari->heap, kari->devId);
if (ret != 0) { if (ret != 0) {
XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7); XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7);
kari->senderKeyExportSz = 0;
kari->senderKeyExport = NULL;
return ret; return ret;
} }
@ -5728,6 +5732,8 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari)
kari->senderKey, kari->recipKey->dp->id); kari->senderKey, kari->recipKey->dp->id);
if (ret != 0) { if (ret != 0) {
XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7); XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7);
kari->senderKeyExportSz = 0;
kari->senderKeyExport = NULL;
wc_FreeRng(&rng); wc_FreeRng(&rng);
return ret; return ret;
} }
@ -5739,6 +5745,8 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari)
&kari->senderKeyExportSz); &kari->senderKeyExportSz);
if (ret != 0) { if (ret != 0) {
XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7); XFREE(kari->senderKeyExport, kari->heap, DYNAMIC_TYPE_PKCS7);
kari->senderKeyExportSz = 0;
kari->senderKeyExport = NULL;
return ret; return ret;
} }
@ -6488,10 +6496,20 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
} }
snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial, snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial,
MAX_SN_SZ, MAX_SN_SZ); MAX_SN_SZ, MAX_SN_SZ);
if (snSz < 0) {
WOLFSSL_MSG("Error setting the serial number");
FreeDecodedCert(decoded);
#ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return -1;
}
issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz, issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
issuerSerialSeq); issuerSerialSeq);
} else if (sidType == CMS_SKID) { } else if (sidType == CMS_SKID) {
/* version, must be 2 for SubjectKeyIdentifier */ /* version, must be 2 for SubjectKeyIdentifier */