Merge pull request #2851 from JacobBarthelmeh/SanityChecks

add space for null terminator and check on header pointer
2020-03-19 16:00:57 -07:00
parent 00630baa53 aff80ab0d3
commit f4a8430115
2 changed files with 5 additions and 8 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -5046,13 +5046,9 @@ static void test_wolfSSL_PKCS8(void)
    AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 #else
-#ifdef OPENSSL_EXTRA
-    AssertIntGT((bytes = wc_KeyPemToDer(buffer, bytes, der,
-        (word32)sizeof(der), NULL)), 0);
-#else
+    /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
    AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der,
        (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
-#endif
 #endif /* HAVE_ECC */

    wolfSSL_CTX_free(ctx);
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -10434,8 +10434,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
    #endif
 #endif
 #ifdef OPENSSL_EXTRA
-    char        beginBuf[PEM_LINE_LEN];
-    char        endBuf[PEM_LINE_LEN];
+    char        beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */
+    char        endBuf[PEM_LINE_LEN + 1];   /* add 1 for null terminator */
 #endif

    WOLFSSL_ENTER("PemToDer");
@ -10506,7 +10506,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                            XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0) {
                headerEnd--;
            }
-            if (XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
+            if (headerEnd <= (char*)buff ||
+                    XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
                    XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 ||
                    beginEnd - headerEnd > PEM_LINE_LEN) {
                WOLFSSL_MSG("Couldn't find PEM header");