mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 06:50:49 +02:00
Merge pull request #10277 from kareem-wolfssl/zd21664_5
Add some missing length checks and fix length calculation.
This commit is contained in:
+12
-5
@@ -33943,7 +33943,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
/* Ensure the buffer is null-terminated. */
|
||||
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
|
||||
args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
|
||||
if (args->encSz > MAX_PSK_ID_LEN) {
|
||||
if (args->encSz > MAX_PSK_ID_LEN ||
|
||||
args->encSz > MAX_ENCRYPT_SZ) {
|
||||
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
|
||||
}
|
||||
XMEMCPY(args->encSecret, ssl->arrays->client_identity,
|
||||
@@ -33974,6 +33975,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
if (esSz > MAX_PSK_ID_LEN) {
|
||||
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
|
||||
}
|
||||
if (esSz > MAX_ENCRYPT_SZ - (2 * OPAQUE16_LEN)) {
|
||||
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
|
||||
}
|
||||
/* CLIENT: Pre-shared Key for peer authentication. */
|
||||
ssl->options.peerAuthGood = 1;
|
||||
|
||||
@@ -33988,7 +33992,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
args->output += OPAQUE16_LEN;
|
||||
XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
|
||||
args->output += esSz;
|
||||
args->length = args->encSz - esSz - OPAQUE16_LEN;
|
||||
args->length = args->encSz - esSz - (2 * OPAQUE16_LEN);
|
||||
args->encSz = esSz + OPAQUE16_LEN;
|
||||
|
||||
CHECK_RET(ret, AllocKey(ssl, DYNAMIC_TYPE_DH,
|
||||
@@ -34025,6 +34029,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
if (esSz > MAX_PSK_ID_LEN) {
|
||||
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
|
||||
}
|
||||
if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN - OPAQUE8_LEN) {
|
||||
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
|
||||
}
|
||||
/* CLIENT: Pre-shared Key for peer authentication. */
|
||||
ssl->options.peerAuthGood = 1;
|
||||
|
||||
@@ -34033,10 +34040,10 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
args->output += OPAQUE16_LEN;
|
||||
XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
|
||||
args->output += esSz;
|
||||
args->encSz = esSz + OPAQUE16_LEN;
|
||||
|
||||
/* length is used for public key size */
|
||||
args->length = MAX_ENCRYPT_SZ;
|
||||
args->length =
|
||||
args->encSz - esSz - OPAQUE16_LEN - OPAQUE8_LEN;
|
||||
args->encSz = esSz + OPAQUE16_LEN;
|
||||
|
||||
/* Create shared ECC key leaving room at the beginning
|
||||
* of buffer for size of shared key. */
|
||||
|
||||
+2
-1
@@ -5375,7 +5375,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
/* Session id */
|
||||
args->sessIdSz = input[args->idx++];
|
||||
if ((args->idx - args->begin) + args->sessIdSz > helloSz)
|
||||
if (args->sessIdSz > ID_LEN || args->sessIdSz > RAN_LEN ||
|
||||
((args->idx - args->begin) + args->sessIdSz > helloSz))
|
||||
return BUFFER_ERROR;
|
||||
args->sessId = input + args->idx;
|
||||
args->idx += args->sessIdSz;
|
||||
|
||||
Reference in New Issue
Block a user