Add bounds check on wolfSSL_X509_notBefore and wolfSSL_X509_notAfter

This commit is contained in:
Paul Adelsbach
2026-03-26 11:08:10 -07:00
parent ef3ba4906b
commit 452652bbce
5 changed files with 56 additions and 52 deletions
+31 -39
View File
@@ -13743,11 +13743,34 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
}
#endif /* WOLFSSL_CERT_REQ */
/* Copy an ASN-encoded date (type + length + data) into a WOLFSSL_ASN1_TIME.
* srcDate: ASN date buffer where [0]=type, [1]=length, [2..]=date bytes.
* srcDateLen: total length of srcDate (0 means no date present). */
static void CopyDateToASN1_TIME(const byte* srcDate, int srcDateLen,
WOLFSSL_ASN1_TIME* dst)
{
if (srcDateLen >= 2) {
/* Clamp the date length to the maximum allowed size.
* This needs to match the size of WOLFSSL_ASN1_TIME minus the
* the type and length fields. */
const int maxSz = CTC_DATE_SIZE - 2;
const int copySz = (int)min(srcDate[1], maxSz);
dst->type = srcDate[0];
dst->length = copySz;
XMEMCPY(dst->data, &srcDate[2], copySz);
}
else {
dst->length = 0;
}
}
/* Copy parts X509 needs from Decoded cert, 0 on success */
int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
{
int ret = 0;
#ifdef WOLFSSL_SEP
int minSz;
#endif
if (x509 == NULL || dCert == NULL ||
dCert->subjectCNLen < 0)
@@ -13820,22 +13843,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->hwSerialNumSz = 0;
#endif /* WOLFSSL_SEP */
if (dCert->beforeDateLen > 0) {
minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
x509->notBefore.type = dCert->beforeDate[0];
x509->notBefore.length = minSz;
XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
}
else
x509->notBefore.length = 0;
if (dCert->afterDateLen > 0) {
minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
x509->notAfter.type = dCert->afterDate[0];
x509->notAfter.length = minSz;
XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
}
else
x509->notAfter.length = 0;
CopyDateToASN1_TIME(dCert->beforeDate, dCert->beforeDateLen,
&x509->notBefore);
CopyDateToASN1_TIME(dCert->afterDate, dCert->afterDateLen,
&x509->notAfter);
if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
x509->pubKey.buffer = (byte*)XMALLOC(
@@ -14217,29 +14228,10 @@ int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert)
}
/* Copy before and after dates. */
{
int minSz = 0;
if (dAcert->beforeDateLen > 0) {
minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ);
x509->notBefore.type = dAcert->beforeDate[0];
x509->notBefore.length = minSz;
XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz);
}
else {
x509->notBefore.length = 0;
}
if (dAcert->afterDateLen > 0) {
minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ);
x509->notAfter.type = dAcert->afterDate[0];
x509->notAfter.length = minSz;
XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz);
}
else {
x509->notAfter.length = 0;
}
}
CopyDateToASN1_TIME(dAcert->beforeDate, dAcert->beforeDateLen,
&x509->notBefore);
CopyDateToASN1_TIME(dAcert->afterDate, dAcert->afterDateLen,
&x509->notAfter);
/* Copy the signature. */
if (dAcert->signature != NULL && dAcert->sigLength != 0 &&
+1 -1
View File
@@ -424,7 +424,7 @@ int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) {
if (ExtractDate(ssl->ocspProducedDate,
(unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx,
MAX_DATE_SZ))
MAX_DATE_SIZE))
return 0;
else
return ASN_PARSE_E;
+22 -2
View File
@@ -4419,8 +4419,14 @@ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
{
WOLFSSL_ENTER("wolfSSL_X509_notBefore");
if (x509 == NULL)
if (x509 == NULL) {
return NULL;
}
if (x509->notBefore.length < 0 ||
x509->notBefore.length > (int)sizeof(x509->notBeforeData) - 2) {
return NULL;
}
XMEMSET(x509->notBeforeData, 0, sizeof(x509->notBeforeData));
x509->notBeforeData[0] = (byte)x509->notBefore.type;
@@ -4437,8 +4443,14 @@ const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
{
WOLFSSL_ENTER("wolfSSL_X509_notAfter");
if (x509 == NULL)
if (x509 == NULL) {
return NULL;
}
if (x509->notAfter.length < 0 ||
x509->notAfter.length > (int)sizeof(x509->notAfterData) - 2) {
return NULL;
}
XMEMSET(x509->notAfterData, 0, sizeof(x509->notAfterData));
x509->notAfterData[0] = (byte)x509->notAfter.type;
@@ -16060,6 +16072,10 @@ int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t)
return WOLFSSL_FAILURE;
}
if (t->length < 0 || t->length > CTC_DATE_SIZE - 2) {
return WOLFSSL_FAILURE;
}
x509->notAfter.type = t->type;
x509->notAfter.length = t->length;
@@ -16074,6 +16090,10 @@ int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t)
return WOLFSSL_FAILURE;
}
if (t->length < 0 || t->length > CTC_DATE_SIZE - 2) {
return WOLFSSL_FAILURE;
}
x509->notBefore.type = t->type;
x509->notBefore.length = t->length;
+1 -9
View File
@@ -2471,10 +2471,6 @@ struct WOLFSSL_OCSP {
};
#endif
#ifndef MAX_DATE_SIZE
#define MAX_DATE_SIZE 32
#endif
typedef struct CRL_Entry CRL_Entry;
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
@@ -5312,10 +5308,6 @@ typedef struct Arrays {
#endif
#endif
#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif
typedef enum {
STACK_TYPE_X509 = 0,
STACK_TYPE_GEN_NAME = 1,
@@ -6327,7 +6319,7 @@ struct WOLFSSL {
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_OCSP
void* ocspIOCtx;
byte ocspProducedDate[MAX_DATE_SZ];
byte ocspProducedDate[MAX_DATE_SIZE];
int ocspProducedDateFormat;
buffer ocspCsrResp[1 + MAX_CHAIN_DEPTH];
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+1 -1
View File
@@ -1272,7 +1272,7 @@ enum Misc_ASN {
DSA_PARAM_INTS = 3, /* DSA parameter ints */
RSA_PUB_INTS = 2, /* RSA ints in public key */
MIN_DATE_SIZE = 12,
MAX_DATE_SIZE = 32,
MAX_DATE_SIZE = CTC_DATE_SIZE,
ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
#ifdef WOLFSSL_CERT_GEN