Merge pull request #7536 from gasbytes/buffer_overflows_fix

added check that checks if the SEQ's length is > than the buff's length
2024-05-15 10:56:42 -07:00
parent ac7aea9674 2f24b35ab1
commit fd4db1497f
1 changed files with 4 additions and 0 deletions
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@ -160,6 +160,10 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format,
        else {
            ret = ASN_PARSE_E;
        }
+
+        if (info->consumed > (int)len) {
+            ret = ASN_PARSE_E;
+        }
        if (ret == 0) {
            ret = AllocCopyDer(der, buff, (word32)info->consumed, type, heap);
        }