forked from wolfSSL/wolfssl
sanity check on length before read
This commit is contained in:
@@ -8036,7 +8036,13 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
|
||||
certSz) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if ((extIdx + 1) > certSz)
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if (cert[extIdx] == ASN_BOOLEAN) {
|
||||
if (GetBoolean(cert, &extIdx, certSz) < 0)
|
||||
@@ -8055,6 +8061,9 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
|
||||
if (GetSequence(cert, &extIdx, &extLen, certSz) < 0)
|
||||
ret = ASN_PARSE_E;
|
||||
|
||||
if (ret == 0 && extIdx + 1 < certSz)
|
||||
ret = BUFFER_E;
|
||||
|
||||
if (ret == 0 &&
|
||||
cert[extIdx++] == (ASN_CONTEXT_SPECIFIC | 0)) {
|
||||
if (GetLength(cert, &extIdx, &extLen, certSz) <= 0)
|
||||
|
Reference in New Issue
Block a user