check idx before accessing certificate list

This commit is contained in:
Ruby Martin
2026-03-25 15:23:32 -06:00
parent 3bc72b5d27
commit 1766b91dc2
+6 -2
View File
@@ -8770,8 +8770,8 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
{
word32 len;
/* Is index at end of list. */
if (*idx == length)
/* Would index read past end of list? */
if (*idx + 3 > length)
return 0;
/* Length of the current ASN.1 encoded certificate. */
@@ -8779,6 +8779,10 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
/* Include the length field. */
len += 3;
/* Ensure len does not overrun certificate list */
if (*idx + len > length)
return 0;
/* Move index to next certificate and return the current certificate's
* length.
*/