wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent out-of-bound read in ASN parsing logic by erroring out.

Browse Source
This commit is contained in:
tim-weller-wolfssl
2023-03-08 12:24:36 -06:00
parent 7f6811a731
commit 5659bd6036
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
wolfcrypt/src/asn.c
View File

@ -33274,6 +33274,9 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
return ASN_PARSE_E;
}
if (idx >= size)
return BUFFER_E;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
single->status->thisDateAsn = source + idx;
localIdx = 0;
@ -33281,6 +33284,10 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
(byte*)&single->status->thisDateParsed.type,
&single->status->thisDateParsed.length, size) < 0)
return ASN_PARSE_E;
if (idx + localIdx >= size)
return BUFFER_E;
XMEMCPY(single->status->thisDateParsed.data,
single->status->thisDateAsn + localIdx - single->status->thisDateParsed.length,
single->status->thisDateParsed.length);
@ -33313,6 +33320,10 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
(byte*)&single->status->nextDateParsed.type,
&single->status->nextDateParsed.length, size) < 0)
return ASN_PARSE_E;
if (idx + localIdx >= size)
return BUFFER_E;
XMEMCPY(single->status->nextDateParsed.data,
single->status->nextDateAsn + localIdx - single->status->nextDateParsed.length,
single->status->nextDateParsed.length);