wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

sanity checks before copying copying peer certificate

Browse Source
This commit is contained in:
Jacob Barthelmeh
2017-05-04 13:10:46 -06:00
parent bfc43cee15
commit 9b5340d3af
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/internal.c
View File

@@ -6597,7 +6597,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
ret = MEMORY_E; ret = MEMORY_E;
} }
if (dCert->signature != NULL && dCert->sigLength != 0) { if (dCert->signature != NULL && dCert->sigLength != 0 &&
dCert->sigLength <= MAX_ENCODED_SIG_SZ) {
x509->sig.buffer = (byte*)XMALLOC( x509->sig.buffer = (byte*)XMALLOC(
dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE); dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
if (x509->sig.buffer == NULL) { if (x509->sig.buffer == NULL) {
@@ -7158,8 +7159,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED; ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
#endif #endif
} }
else if (ret == ASN_PARSE_E) { else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
WOLFSSL_MSG("Got Peer cert ASN PARSE ERROR, fatal"); WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
fatal = 1; fatal = 1;
} }
else { else {
@@ -7257,8 +7258,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* HAVE_OCSP || HAVE_CRL */ #endif /* HAVE_OCSP || HAVE_CRL */
#ifdef KEEP_PEER_CERT #ifdef KEEP_PEER_CERT
{ if (fatal == 0) {
/* set X509 format for peer cert even if fatal */ /* set X509 format for peer cert */
int copyRet = CopyDecodedToX509(&ssl->peerCert, int copyRet = CopyDecodedToX509(&ssl->peerCert,
args->dCert); args->dCert);
if (copyRet == MEMORY_E) if (copyRet == MEMORY_E)

13
wolfcrypt/src/asn.c
View File

@@ -986,6 +986,17 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
if (GetLength(input, &idx, &length, maxIdx) < 0) if (GetLength(input, &idx, &length, maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* extra sanity check that length is greater than 0 */
if (length <= 0) {
WOLFSSL_MSG("Error length was 0 in CheckBitString");
return BUFFER_E;
}
if (idx + 1 > maxIdx) {
WOLFSSL_MSG("Attempted buffer read larger than input buffer");
return BUFFER_E;
}
b = input[idx]; b = input[idx];
if (zeroBits && b != 0x00) if (zeroBits && b != 0x00)
return ASN_EXPECT_0_E; return ASN_EXPECT_0_E;
@@ -998,7 +1009,7 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
return ASN_PARSE_E; return ASN_PARSE_E;
} }
idx++; idx++;
length--; length--; /* length has been checked for greater than 0 */
*inOutIdx = idx; *inOutIdx = idx;
if (len != NULL) if (len != NULL)