feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.

Browse Source
This commit is contained in:
Kareem Abuobeid
2021-05-11 14:35:41 -07:00
parent 64330d468e
commit cba029a436
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wolfcrypt/src/pkcs7.c
View File

@@ -1100,6 +1100,16 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
return ret; return ret;
} }
if (dCert->pubKeySize > (MAX_RSA_INT_SZ + MAX_RSA_E_SZ) ||
dCert->serialSz > MAX_SN_SZ) {
WOLFSSL_MSG("Invalid size in certificate\n");
FreeDecodedCert(dCert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT);
#endif
return ASN_PARSE_E;
}
XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize); XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
pkcs7->publicKeySz = dCert->pubKeySize; pkcs7->publicKeySz = dCert->pubKeySize;
pkcs7->publicKeyOID = dCert->keyOID; pkcs7->publicKeyOID = dCert->keyOID;