mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 13:20:48 +02:00
Enforce max size of responses array in SendCertificateStatus.
Thanks to Zou Dikai for the report.
This commit is contained in:
@@ -25925,6 +25925,10 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
|
||||
if (idx > chain->length)
|
||||
break;
|
||||
if ((i + 1) >= MAX_CERT_EXTENSIONS) {
|
||||
ret = MAX_CERT_EXTENSIONS_ERR;
|
||||
break;
|
||||
}
|
||||
ret = CreateOcspRequest(ssl, request, cert, der.buffer,
|
||||
der.length, &ctxOwnsRequest);
|
||||
if (ret == 0) {
|
||||
@@ -25953,6 +25957,11 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
else {
|
||||
while (ret == 0 &&
|
||||
NULL != (request = ssl->ctx->chainOcspRequest[i])) {
|
||||
if ((i + 1) >= MAX_CERT_EXTENSIONS) {
|
||||
ret = MAX_CERT_EXTENSIONS_ERR;
|
||||
break;
|
||||
}
|
||||
|
||||
request->ssl = ssl;
|
||||
ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling,
|
||||
request, &responses[++i], ssl->heap);
|
||||
|
||||
Reference in New Issue
Block a user