Fix two issues with the authTag length in wc_PKCS7_DecodeAuthEnvelopedData.

Reported by: Jorge Milla (Pig-Tail) <jorge@jmilla.es>
This commit is contained in:
Kareem
2026-07-01 14:10:58 -07:00
parent 323027d1d2
commit 6409a9e9a2
+14
View File
@@ -15246,6 +15246,9 @@ authenv_atrbend:
localIdx = idx;
/* Get authTag OCTET STRING */
if (ret == 0 && localIdx >= pkiMsgSz) {
ret = BUFFER_E;
}
if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) {
ret = ASN_PARSE_E;
}
@@ -15306,6 +15309,17 @@ authenv_atrbend:
ret = ASN_PARSE_E;
}
#ifdef NO_PKCS7_STREAM
/* In the streaming build the block above re-buffers enough data for
* the auth tag. Without streaming, verify the tag fits within the
* provided input before copying. */
if (ret == 0 &&
(idx > pkiMsgSz || authTagSz > pkiMsgSz - idx)) {
WOLFSSL_MSG("AuthEnvelopedData authTag exceeds input buffer");
ret = BUFFER_E;
}
#endif
if (ret == 0) {
XMEMCPY(authTag, &pkiMsg[idx], authTagSz);
idx += authTagSz;