mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-08 15:00:51 +02:00
Fix two issues with the authTag length in wc_PKCS7_DecodeAuthEnvelopedData.
Reported by: Jorge Milla (Pig-Tail) <jorge@jmilla.es>
This commit is contained in:
@@ -15246,6 +15246,9 @@ authenv_atrbend:
|
||||
localIdx = idx;
|
||||
|
||||
/* Get authTag OCTET STRING */
|
||||
if (ret == 0 && localIdx >= pkiMsgSz) {
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
@@ -15306,6 +15309,17 @@ authenv_atrbend:
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
|
||||
#ifdef NO_PKCS7_STREAM
|
||||
/* In the streaming build the block above re-buffers enough data for
|
||||
* the auth tag. Without streaming, verify the tag fits within the
|
||||
* provided input before copying. */
|
||||
if (ret == 0 &&
|
||||
(idx > pkiMsgSz || authTagSz > pkiMsgSz - idx)) {
|
||||
WOLFSSL_MSG("AuthEnvelopedData authTag exceeds input buffer");
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
XMEMCPY(authTag, &pkiMsg[idx], authTagSz);
|
||||
idx += authTagSz;
|
||||
|
||||
Reference in New Issue
Block a user