check length in wc_oid_sum()

add MAX_OID_SZ to known macro extras
2025-08-03 20:54:41 +02:00 · 2025-06-11 12:47:13 -06:00
parent 1321e00e45
commit 8ab08f7b17
3 changed files with 10 additions and 1 deletions
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -306,6 +306,7 @@ MAXQ_EXPORT_TLS_KEYS
 MAXQ_SHA1
 MAXSEG_64K
 MAX_WOLFSSL_FILE_SIZE
+MAX_OID_SZ
 MDK_CONF_BARE_METAL
 MDK_CONF_FS
 MDK_CONF_RTX_TCP_FS
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6852,6 +6852,12 @@ word32 wc_oid_sum(const byte* input, int length)
    int shift = 0;
 #endif

+    /* Check for valid input. */
+    if (input == NULL || length > MAX_OID_SZ) {
+        WOLFSSL_MSG("wc_oid_sum: invalid args");
+        return 0;
+    }
+
    /* Sum it up for now. */
    for (i = 0; i < length; i++) {
    #ifdef WOLFSSL_OLD_OID_SUM
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1145,10 +1145,12 @@ enum Misc_ASN {
    #endif
                          /* Max total extensions, id + len + others */
 #endif
+#ifndef MAX_OID_SZ
+    MAX_OID_SZ          = 32,      /* Max DER length of OID*/
+#endif
 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
        defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) || \
        defined(HAVE_OID_DECODING) || defined(HAVE_OID_ENCODING)
-    MAX_OID_SZ          = 32,      /* Max DER length of OID*/
    MAX_OID_STRING_SZ   = 64,      /* Max string length representation of OID*/
 #endif
 #ifdef WOLFSSL_CERT_EXT