mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 16:30:49 +02:00
In wc_PKCS7_DecodeEnvelopedData, confirm encryptedContentTotalSz does not exceed the total message size before using it in the non-streaming case.
Thanks to Zou Dikai for the report.
This commit is contained in:
@@ -13242,6 +13242,11 @@ int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
||||
}
|
||||
wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap);
|
||||
} else {
|
||||
if ((idx + (word32)encryptedContentTotalSz) > pkiMsgSz) {
|
||||
ret = BUFFER_E;
|
||||
break;
|
||||
}
|
||||
|
||||
pkcs7->cachedEncryptedContentSz =
|
||||
(word32)encryptedContentTotalSz;
|
||||
pkcs7->totalEncryptedContentSz =
|
||||
|
||||
Reference in New Issue
Block a user