F-5591: reject negative group count in group setters
wolfSSL_CTX_set_groups/wolfSSL_set_groups only rejected counts above WOLFSSL_MAX_GROUP_COUNT; a negative count skipped the copy loop and was then truncated to a byte when stored in numGroups (e.g. -1 becomes 255), which InitSSL later trusts for a fixed-size copy. Reject count <= 0 in both, and in the set1_groups OpenSSL-compat wrappers.
@@ -3319,8 +3319,8 @@ int wolfSSL_CTX_set1_groups(WOLFSSL_CTX* ctx, int* groups,
|
||||
int i;
|
||||
int _groups[WOLFSSL_MAX_GROUP_COUNT];
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_set1_groups");
|
||||
if (count == 0) {
|
||||
WOLFSSL_MSG("Group count is zero");
|
||||
if (count <= 0) {
|
||||
WOLFSSL_MSG("Group count is not positive");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
if (count > WOLFSSL_MAX_GROUP_COUNT) {
|
||||
@@ -3358,8 +3358,8 @@ int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count)
|
||||
int i;
|
||||
int _groups[WOLFSSL_MAX_GROUP_COUNT];
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_set1_groups");
|
||||
if (count == 0) {
|
||||
WOLFSSL_MSG("Group count is zero");
|
||||
if (count <= 0) {
|
||||
WOLFSSL_MSG("Group count is not positive");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
if (count > WOLFSSL_MAX_GROUP_COUNT) {
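Review bot: The trace label on the context line `WOLFSSL_ENTER("wolfSSL_CTX_set1_groups");` inside wolfSSL_set1_groups names the CTX variant, so debug logs cannot tell the two compat wrappers apart when the new "Group count is not positive" message fires; it should read `WOLFSSL_ENTER("wolfSSL_set1_groups");`. This predates the commit, but it sits directly above the new check and is a one-token fix worth folding in. The function's signature is only in the hunk header and its body continues past the hunk.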
|
||||
|
||||
@@ -391,15 +391,17 @@ ProtocolVersion MakeTLSv1_3(void)
|
||||
* ctx SSL/TLS context object.
|
||||
* groups Array of groups.
|
||||
* count Number of groups in array.
|
||||
* returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3 or
|
||||
* count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
|
||||
* returns BAD_FUNC_ARG when ctx or groups is NULL, not using TLS v1.3, count is
|
||||
* not positive or count is greater than WOLFSSL_MAX_GROUP_COUNT and
|
||||
* WOLFSSL_SUCCESS on success.
|
||||
*/
|
||||
int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
|
||||
{
|
||||
int ret, i;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_set_groups");
|
||||
if (ctx == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
|
||||
if (ctx == NULL || groups == NULL || count <= 0 ||
|
||||
count > WOLFSSL_MAX_GROUP_COUNT)
|
||||
return BAD_FUNC_ARG;
|
||||
if (!IsTLS_ex(ctx->method->version))
|
||||
return BAD_FUNC_ARG;
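Review bot: The widened range check is now the only thing that keeps `count` representable in the byte-sized numGroups that, per the commit description, InitSSL trusts for a fixed-size copy, yet nothing in the hunk records that coupling, so raising WOLFSSL_MAX_GROUP_COUNT past 255 or widening the stored count later would silently reopen the truncation. I would annotate the new condition with `/* 1..WOLFSSL_MAX_GROUP_COUNT: count is stored in a byte-sized numGroups that InitSSL copies from without re-checking */` and, if the build provides a static-assert helper, assert `WOLFSSL_MAX_GROUP_COUNT <= 255` next to the bound. The type of numGroups is inferred from the description rather than visible here, so confirm it before wording the comment. wolfSSL_CTX_set_groups continues past the end of the hunk.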
|
||||
@@ -436,15 +438,17 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
|
||||
* ssl SSL/TLS object.
|
||||
* groups Array of groups.
|
||||
* count Number of groups in array.
|
||||
* returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3 or
|
||||
* count is greater than WOLFSSL_MAX_GROUP_COUNT and WOLFSSL_SUCCESS on success.
|
||||
* returns BAD_FUNC_ARG when ssl or groups is NULL, not using TLS v1.3, count is
|
||||
* not positive or count is greater than WOLFSSL_MAX_GROUP_COUNT and
|
||||
* WOLFSSL_SUCCESS on success.
|
||||
*/
|
||||
int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
|
||||
{
|
||||
int ret, i;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_set_groups");
|
||||
if (ssl == NULL || groups == NULL || count > WOLFSSL_MAX_GROUP_COUNT)
|
||||
if (ssl == NULL || groups == NULL || count <= 0 ||
|
||||
count > WOLFSSL_MAX_GROUP_COUNT)
|
||||
return BAD_FUNC_ARG;
|
||||
if (!IsTLS_ex(ssl->version))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||