Merge pull request #10277 from kareem-wolfssl/zd21664_5

Add some missing length checks and fix length calculation.
This commit is contained in:
David Garske
2026-05-05 10:39:22 -07:00
committed by GitHub
2 changed files with 14 additions and 6 deletions
+12 -5
View File
@@ -33943,7 +33943,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
/* Ensure the buffer is null-terminated. */
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
if (args->encSz > MAX_PSK_ID_LEN) {
if (args->encSz > MAX_PSK_ID_LEN ||
args->encSz > MAX_ENCRYPT_SZ) {
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
}
XMEMCPY(args->encSecret, ssl->arrays->client_identity,
@@ -33974,6 +33975,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
if (esSz > MAX_PSK_ID_LEN) {
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
}
if (esSz > MAX_ENCRYPT_SZ - (2 * OPAQUE16_LEN)) {
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
}
/* CLIENT: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;
@@ -33988,7 +33992,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
args->output += OPAQUE16_LEN;
XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
args->output += esSz;
args->length = args->encSz - esSz - OPAQUE16_LEN;
args->length = args->encSz - esSz - (2 * OPAQUE16_LEN);
args->encSz = esSz + OPAQUE16_LEN;
CHECK_RET(ret, AllocKey(ssl, DYNAMIC_TYPE_DH,
@@ -34025,6 +34029,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
if (esSz > MAX_PSK_ID_LEN) {
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
}
if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN - OPAQUE8_LEN) {
ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
}
/* CLIENT: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;
@@ -34033,10 +34040,10 @@ int SendClientKeyExchange(WOLFSSL* ssl)
args->output += OPAQUE16_LEN;
XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
args->output += esSz;
args->encSz = esSz + OPAQUE16_LEN;
/* length is used for public key size */
args->length = MAX_ENCRYPT_SZ;
args->length =
args->encSz - esSz - OPAQUE16_LEN - OPAQUE8_LEN;
args->encSz = esSz + OPAQUE16_LEN;
/* Create shared ECC key leaving room at the beginning
* of buffer for size of shared key. */
+2 -1
View File
@@ -5375,7 +5375,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Session id */
args->sessIdSz = input[args->idx++];
if ((args->idx - args->begin) + args->sessIdSz > helloSz)
if (args->sessIdSz > ID_LEN || args->sessIdSz > RAN_LEN ||
((args->idx - args->begin) + args->sessIdSz > helloSz))
return BUFFER_ERROR;
args->sessId = input + args->idx;
args->idx += args->sessIdSz;