Merge pull request #5437 from douzzer/20220804-fixes

20220804 fixes
2025-07-30 18:57:27 +02:00 · 2022-08-04 13:55:03 -07:00
parent 99dad91344 9d5e633a96
commit 7465691c70
2 changed files with 29 additions and 11 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -26227,10 +26227,12 @@ static int SetReqAttribSingle(byte* output, int* idx, char* attr, int attrSz,
        if (strSz > 0) {
            XMEMCPY(&output[*idx], str, strSz);
            *idx += strSz;
+            if (attrSz > 0) {
                XMEMCPY(&output[*idx], attr, attrSz);
                *idx += attrSz;
            }
        }
+    }
    return totalSz;
 }

--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@ -1012,18 +1012,25 @@ void wc_FreeCertList(WC_DerCertList* list, void* heap)
    (void)heap;
 }

-static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz,
-    byte** cert, word32* certSz, void* heap)
+static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
+    byte** pkey, word32* pkeySz, byte** cert, word32* certSz, void* heap)
 {
    WC_DerCertList* current  = *list;
    WC_DerCertList* previous = NULL;
-    DecodedCert DeCert;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert *DeCert = (DecodedCert *)XMALLOC(
+        sizeof(*DeCert), heap, DYNAMIC_TYPE_PKCS);
+    if (DeCert == NULL)
+        return MEMORY_E;
+#else
+    DecodedCert DeCert[1];
+#endif

    while (current != NULL) {

-        InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
-        if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
-            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, &DeCert) == 1) {
+        InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
+        if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
+            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert) == 1) {
                WOLFSSL_MSG("Key Pair found");
                *cert = current->buffer;
                *certSz = current->bufferSz;
@ -1034,16 +1041,22 @@ static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz,
                else {
                    previous->next = current->next;
                }
-                FreeDecodedCert(&DeCert);
+                FreeDecodedCert(DeCert);
                XFREE(current, heap, DYNAMIC_TYPE_PKCS);
                break;
            }
        }
-        FreeDecodedCert(&DeCert);
+        FreeDecodedCert(DeCert);

        previous = current;
        current  = current->next;
    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(DeCert, heap, DYNAMIC_TYPE_PKCS);
+#endif
+
+    return 0;
 }


@ -1446,7 +1459,10 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,

    /* check if key pair, remove from list */
    if (*pkey != NULL) {
-        freeDecCertList(&certList, pkey, pkeySz, cert, certSz, pkcs12->heap);
+        ret = freeDecCertList(&certList, pkey, pkeySz, cert, certSz,
+                              pkcs12->heap);
+        if (ret < 0)
+            goto exit_pk12par;
    }

    /* if ca arg provided return certList, otherwise free it */