wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check buffer length before XMEMCMP in GetOID

Browse Source
This commit is contained in:
Lealem Amedie
2023-12-12 15:13:42 -07:00
parent c4b77adf48
commit 2724edc257
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
wolfcrypt/src/asn.c
View File

@@ -5760,7 +5760,8 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
*
* These hacks will hopefully disappear when new standardized OIDs appear.
*/
if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&
XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,
sizeof(sigSphincsFast_Level3Oid)) == 0) {
found_collision = SPHINCS_FAST_LEVEL3k;
}