feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

better bounds checking

Browse Source
This commit is contained in:
Jacob Barthelmeh
2018-05-17 16:55:59 -06:00
parent a6ad6b94d1
commit f67046f485
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
wolfcrypt/src/asn.c
View File

@@ -5713,6 +5713,11 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
} }
length -= (idx - lenStartIdx); length -= (idx - lenStartIdx);
/* check that strLen at index is not past input buffer */
if (strLen + (int)idx > sz) {
return BUFFER_E;
}
#ifndef WOLFSSL_NO_ASN_STRICT #ifndef WOLFSSL_NO_ASN_STRICT
/* Verify RFC 5280 Sec 4.2.1.6 rule: /* Verify RFC 5280 Sec 4.2.1.6 rule:
"The name MUST NOT be a relative URI" */ "The name MUST NOT be a relative URI" */
@@ -5734,8 +5739,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
/* test if no ':' char was found and test that the next two /* test if no ':' char was found and test that the next two
* chars are // to match the pattern "://" */ * chars are // to match the pattern "://" */
if (i == strLen || (input[idx + i + 1] != '/' || if (i >= strLen - 2 || (input[idx + i + 1] != '/' ||
input[idx + i + 2] != '/')) { input[idx + i + 2] != '/')) {
WOLFSSL_MSG("\tAlt Name must be absolute URI"); WOLFSSL_MSG("\tAlt Name must be absolute URI");
return ASN_ALT_NAME_E; return ASN_ALT_NAME_E;
} }