F-5591: reject negative group count in group setters

wolfSSL_CTX_set_groups/wolfSSL_set_groups only rejected counts above
WOLFSSL_MAX_GROUP_COUNT; a negative count skipped the copy loop and was
cast to byte (e.g. 255) into numGroups, which InitSSL later trusts for a
fixed-size copy. Reject count <= 0 in both, and in the set1_groups
OpenSSL-compat wrappers.
This commit is contained in:
Juliusz Sosinowicz
2026-06-01 18:32:36 +02:00
parent 0089fa852e
commit 289a2670f4
2 changed files with 14 additions and 10 deletions
+4 -4
View File
@@ -3319,8 +3319,8 @@ int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
int i;
int _groups[WOLFSSL_MAX_GROUP_COUNT];
WOLFSSL_ENTER("wolfSSL_CTX_set1_groups");
if (count == 0) {
WOLFSSL_MSG("Group count is zero");
if (count <= 0) {
WOLFSSL_MSG("Group count is not positive");
return WOLFSSL_FAILURE;
}
if (count > WOLFSSL_MAX_GROUP_COUNT) {
@@ -3358,8 +3358,8 @@ int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count)
int i;
int _groups[WOLFSSL_MAX_GROUP_COUNT];
WOLFSSL_ENTER("wolfSSL_CTX_set1_groups");
if (count == 0) {
WOLFSSL_MSG("Group count is zero");
if (count <= 0) {
WOLFSSL_MSG("Group count is not positive");
return WOLFSSL_FAILURE;
}
if (count > WOLFSSL_MAX_GROUP_COUNT) {
+10 -6
View File
@@ -391,15 +391,17 @@ ProtocolVersion MakeTLSv1_3(void)
* ctx SSL/TLS context object.
* groups Array of groups.
* count Number of groups in array.
* returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3 or
* count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
* returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3, count is
* not positive or count is greater than WOLFSSL_MAX_GROUP_COUNT and
* WOLFSSL_SUCCESS on success.
*/
int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
{
int ret, i;
WOLFSSL_ENTER("wolfSSL_CTX_set_groups");
if (ctx == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
if (ctx == NULL || groups == NULL || count <= 0 ||
count > WOLFSSL_MAX_GROUP_COUNT)
return BAD_FUNC_ARG;
if (!IsTLS_ex(ctx->method->version))
return BAD_FUNC_ARG;
@@ -436,15 +438,17 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
* ssl SSL/TLS object.
* groups Array of groups.
* count Number of groups in array.
* returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3 or
* count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
* returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3, count is
* not positive or count is greater than WOLFSSL_MAX_GROUP_COUNT and
* WOLFSSL_SUCCESS on success.
*/
int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
{
int ret, i;
WOLFSSL_ENTER("wolfSSL_set_groups");
if (ssl == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
if (ssl == NULL || groups == NULL || count <= 0 ||
count > WOLFSSL_MAX_GROUP_COUNT)
return BAD_FUNC_ARG;
if (!IsTLS_ex(ssl->version))
return BAD_FUNC_ARG;