wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2384 from JacobBarthelmeh/PKCS7

Browse Source 
add aditional sanity checks on buffer
This commit is contained in:
toddouska
2019-07-30 15:21:09 -07:00
committed by GitHub
parent 0a60c2bb2c ec18ae0fbc
commit 8b8cc41a1a
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
wolfcrypt/src/pkcs7.c
View File

@ -4146,6 +4146,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
NO_USER_CHECK) <= 0) NO_USER_CHECK) <= 0)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
if (localIdx >= pkiMsgSz) {
ret = BUFFER_E;
}
/* get length of content in the case that there is multiple parts */ /* get length of content in the case that there is multiple parts */
if (ret == 0 && pkiMsg[localIdx] == (ASN_OCTET_STRING | ASN_CONSTRUCTED)) { if (ret == 0 && pkiMsg[localIdx] == (ASN_OCTET_STRING | ASN_CONSTRUCTED)) {
@ -4159,6 +4162,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
/* Check whether there is one OCTET_STRING inside. */ /* Check whether there is one OCTET_STRING inside. */
start = localIdx; start = localIdx;
if (localIdx >= pkiMsgSz) {
ret = BUFFER_E;
}
if (ret == 0 && pkiMsg[localIdx++] != ASN_OCTET_STRING) if (ret == 0 && pkiMsg[localIdx++] != ASN_OCTET_STRING)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;