mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 16:50:48 +02:00
Merge pull request #9861 from JacobBarthelmeh/f360
additional sanity check on number of groups passed to set groups func…
@@ -3041,6 +3041,10 @@ int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
|
||||
WOLFSSL_MSG("Group count is zero");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
if (count > WOLFSSL_MAX_GROUP_COUNT) {
|
||||
WOLFSSL_MSG("Group count exceeds maximum");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
for (i = 0; i < count; i++) {
|
||||
if (isValidCurveGroup((word16)groups[i])) {
|
||||
_groups[i] = groups[i];
|
||||
@@ -3076,6 +3080,10 @@ int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count)
|
||||
WOLFSSL_MSG("Group count is zero");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
if (count > WOLFSSL_MAX_GROUP_COUNT) {
|
||||
WOLFSSL_MSG("Group count exceeds maximum");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
for (i = 0; i < count; i++) {
|
||||
if (isValidCurveGroup((word16)groups[i])) {
|
||||
_groups[i] = groups[i];
|
||||
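Review bot: A negative `count` is not rejected by the added guard in wolfSSL_CTX_set1_groups, nor by the identical guard in wolfSSL_set1_groups. `count` is a signed `int` in both signatures and the condition of the preceding zero check is outside the hunk, so if that check tests only `count == 0`, a negative value passes both guards, skips the copy loop and is presumably passed on unchanged to whatever consumes it next. Folding the lower bound into the new test, `if (count < 0 || count > WOLFSSL_MAX_GROUP_COUNT) {`, would keep the range validation in one place. A comment above it such as `/* _groups is a fixed-size local; reject counts that would index past it */` would record why the bound exists, assuming `_groups` is sized by WOLFSSL_MAX_GROUP_COUNT (its declaration is not shown). Both function bodies start and end outside the hunks.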
|
||||
@@ -119,6 +119,9 @@ int test_tls13_apis(void)
|
||||
int bad_groups[2] = { 0xDEAD, 0xBEEF };
|
||||
#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
|
||||
int numGroups = 2;
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT)
|
||||
int too_many_groups[WOLFSSL_MAX_GROUP_COUNT + 1];
|
||||
#endif
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
|
||||
char groupList[] =
|
||||
@@ -605,6 +608,17 @@ int test_tls13_apis(void)
|
||||
#endif
|
||||
ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList),
|
||||
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT)
|
||||
{
|
||||
int idx;
|
||||
for (idx = 0; idx < WOLFSSL_MAX_GROUP_COUNT + 1; idx++)
|
||||
too_many_groups[idx] = WOLFSSL_ECC_SECP256R1;
|
||||
}
|
||||
ExpectIntEQ(wolfSSL_CTX_set1_groups(clientCtx, too_many_groups,
|
||||
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
ExpectIntEQ(wolfSSL_set1_groups(clientSsl, too_many_groups,
|
||||
WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
|
||||
#endif
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
|
||||
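Review bot: The new assertions in test_tls13_apis probe only `WOLFSSL_MAX_GROUP_COUNT + 1`, so a guard written with `>=` instead of `>`, or one with no lower bound, would still pass this test. Since `count` is a signed `int` in both setters, a negative case is cheap to add and leaves no state behind: `ExpectIntEQ(wolfSSL_CTX_set1_groups(clientCtx, too_many_groups, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));`, with the matching call for `wolfSSL_set1_groups(clientSsl, ...)`. A case passing exactly WOLFSSL_MAX_GROUP_COUNT entries and expecting success would pin the upper edge, but it changes the configured groups on the object, so it likely needs a scratch context rather than clientCtx. test_tls13_apis starts and ends outside the hunks, so whether the `too_many_groups` declaration and its use sit under the same outer preprocessor guards cannot be confirmed from here.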
|
||||