diff --git a/tests/api/test_pkcs12.c b/tests/api/test_pkcs12.c index 4dfb3cfbc8..daa3c36a43 100644 --- a/tests/api/test_pkcs12.c +++ b/tests/api/test_pkcs12.c @@ -196,3 +196,42 @@ int test_wc_PKCS12_create(void) return EXPECT_RESULT(); } +int test_wc_d2i_PKCS12_bad_mac_salt(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \ + && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ + && !defined(NO_AES) && !defined(NO_SHA) && !defined(NO_SHA256) + WC_PKCS12* pkcs12 = NULL; + unsigned char der[FOURK_BUF * 2]; + int derSz = 0; + const char p12_f[] = "./certs/test-servercert.p12"; + XFILE f = XBADFILE; + int i; + int found = 0; + + ExpectTrue((f = XFOPEN(p12_f, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Scan backward within the last 100 bytes to find the MAC salt + * OCTET STRING (tag 0x04, length 0x08 for a typical 8-byte salt). + * Corrupt its length so that saltSz + curIdx > totalSz, triggering + * the error path in GetSignData() after salt allocation. */ + for (i = derSz - 2; i >= 0 && i >= derSz - 100; i--) { + if (der[i] == 0x04 && der[i + 1] == 0x08) { + der[i + 1] = 0xFF; + found = 1; + break; + } + } + ExpectIntEQ(found, 1); + + ExpectNotNull(pkcs12 = wc_PKCS12_new()); + ExpectIntNE(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0); + wc_PKCS12_free(pkcs12); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_pkcs12.h b/tests/api/test_pkcs12.h index 45823f0ed6..72807a8c23 100644 --- a/tests/api/test_pkcs12.h +++ b/tests/api/test_pkcs12.h @@ -26,9 +26,11 @@ int test_wc_i2d_PKCS12(void); int test_wc_PKCS12_create(void); +int test_wc_d2i_PKCS12_bad_mac_salt(void); #define TEST_PKCS12_DECLS \ TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12), \ - TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create) + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create), \ + TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt) #endif /* WOLFCRYPT_TEST_PKCS12_H */ diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index de368ac5aa..584c9fa3a7 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -509,6 +509,7 @@ exit_gsd: if (ret != 0) { if (mac) { XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST); + XFREE(mac->salt, pkcs12->heap, DYNAMIC_TYPE_SALT); XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); } }