Merge pull request #4590 from JacobBarthelmeh/fuzzing

sanity check on pem size
2021-11-22 16:09:13 -08:00
parent f5239cc57e 5d49847147
commit dcc2a2852c
1 changed files with 17 additions and 11 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -43264,10 +43264,11 @@ cleanup:
            return NULL;
        }
-        pem = (unsigned char*)XMALLOC(l, 0, DYNAMIC_TYPE_PEM);
+        pemSz = (int)l;
        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
        if (pem == NULL)
            return NULL;
-        XMEMSET(pem, 0, l);
+        XMEMSET(pem, 0, pemSz);
        i = 0;
        if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
@ -43301,15 +43302,20 @@ cleanup:
    #else
        (void)l;
    #endif
-        pemSz = (int)i;
+        if (i > pemSz) {
-    #ifdef WOLFSSL_CERT_REQ
+            WOLFSSL_MSG("Error parsing PEM");
-        if (type == CERTREQ_TYPE)
+        }
-            x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
+        else {
-                                                        WOLFSSL_FILETYPE_PEM);
+            pemSz = (int)i;
-        else
+        #ifdef WOLFSSL_CERT_REQ
-    #endif
+            if (type == CERTREQ_TYPE)
-            x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
+                x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
-                                                        WOLFSSL_FILETYPE_PEM);
+                                                          WOLFSSL_FILETYPE_PEM);
            else
        #endif
                x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
                                                          WOLFSSL_FILETYPE_PEM);
        }
        if (x != NULL) {
            *x = x509;