diff --git a/src/internal.c b/src/internal.c index fdb36d615..c462742fb 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7964,13 +7964,21 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* allocate buffer for certs */ - args->certs = (buffer*)XMALLOC(sizeof(buffer) * ssl->verifyDepth, + #ifdef OPENSSL_EXTRA + args->certs = (buffer*)XMALLOC(sizeof(buffer) * + (ssl->verifyDepth + 1), ssl->heap, DYNAMIC_TYPE_DER); + if (args->certs == NULL) { + ERROR_OUT(MEMORY_E, exit_ppc); + } + XMEMSET(args->certs, 0, sizeof(buffer) * (ssl->verifyDepth + 1)); + #else + args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH, ssl->heap, DYNAMIC_TYPE_DER); if (args->certs == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } - XMEMSET(args->certs, 0, sizeof(buffer) * ssl->verifyDepth); - + XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH); + #endif /* OPENSSL_EXTRA */ /* Certificate List */ if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { ERROR_OUT(BUFFER_ERROR, exit_ppc); @@ -7990,12 +7998,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, while (listSz) { word32 certSz; - if (args->totalCerts >= ssl->verifyDepth) { #ifdef OPENSSL_EXTRA + if (args->totalCerts > ssl->verifyDepth) { ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; - #endif ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); } + #else + if (args->totalCerts >= ssl->verifyDepth || + args->totalCerts >= MAX_CHAIN_DEPTH) { + ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); + } + #endif if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { ERROR_OUT(BUFFER_ERROR, exit_ppc);