wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added checks for total length and the cert policy OID len to make sure they don't exceed buffer.

Browse Source
This commit is contained in:
David Garske
2016-03-07 14:20:37 -08:00
parent dee3645c4e
commit 9b79d8643e
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
wolfcrypt/src/asn.c
View File

@@ -4608,6 +4608,12 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
WOLFSSL_MSG("\tGet CertPolicy total seq failed"); WOLFSSL_MSG("\tGet CertPolicy total seq failed");
return ASN_PARSE_E; return ASN_PARSE_E;
} }
/* Validate total length (2 is the CERT_POLICY_OID+SEQ) */
if ((total_length + 2) != sz) {
WOLFSSL_MSG("\tCertPolicy length mismatch");
return ASN_PARSE_E;
}
/* Unwrap certificatePolicies */ /* Unwrap certificatePolicies */
do { do {
@@ -4629,6 +4635,12 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
policy_length--; policy_length--;
if (length > 0) { if (length > 0) {
/* Verify length won't overrun buffer */
if (length > (sz - (int)idx)) {
WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
return ASN_PARSE_E;
}
#if defined(WOLFSSL_SEP) #if defined(WOLFSSL_SEP)
cert->deviceType = (byte*)XMALLOC(length, cert->heap, cert->deviceType = (byte*)XMALLOC(length, cert->heap,
DYNAMIC_TYPE_X509_EXT); DYNAMIC_TYPE_X509_EXT);