feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

sanity check on length before read

Browse Source
This commit is contained in:
Jacob Barthelmeh
2019-09-11 09:27:51 -06:00
parent 9d69f17f17
commit e6c48327c1
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
wolfcrypt/src/asn.c
View File

@@ -8036,7 +8036,13 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
certSz) < 0) { certSz) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
if (ret == 0) {
if ((extIdx + 1) > certSz)
ret = BUFFER_E;
} }
}
if (ret == 0) { if (ret == 0) {
if (cert[extIdx] == ASN_BOOLEAN) { if (cert[extIdx] == ASN_BOOLEAN) {
if (GetBoolean(cert, &extIdx, certSz) < 0) if (GetBoolean(cert, &extIdx, certSz) < 0)
@@ -8055,6 +8061,9 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
if (GetSequence(cert, &extIdx, &extLen, certSz) < 0) if (GetSequence(cert, &extIdx, &extLen, certSz) < 0)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
if (ret == 0 && extIdx + 1 < certSz)
ret = BUFFER_E;
if (ret == 0 && if (ret == 0 &&
cert[extIdx++] == (ASN_CONTEXT_SPECIFIC | 0)) { cert[extIdx++] == (ASN_CONTEXT_SPECIFIC | 0)) {
if (GetLength(cert, &extIdx, &extLen, certSz) <= 0) if (GetLength(cert, &extIdx, &extLen, certSz) <= 0)