mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-08 13:20:49 +02:00
add check to prevent integer underflow
This commit is contained in:
+2
-1
@@ -21240,7 +21240,8 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
|
||||
if (ssl->specs.cipher_type == block) {
|
||||
#ifdef HAVE_ENCRYPT_THEN_MAC
|
||||
if (ssl->options.startedETMRead) {
|
||||
if ((encryptSz - MacSize(ssl)) % ssl->specs.block_size) {
|
||||
if (encryptSz < minLength ||
|
||||
(encryptSz - MacSize(ssl)) % ssl->specs.block_size) {
|
||||
WOLFSSL_MSG("Block ciphertext not block size");
|
||||
WOLFSSL_ERROR_VERBOSE(SANITY_CIPHER_E);
|
||||
return SANITY_CIPHER_E;
|
||||
|
||||
Reference in New Issue
Block a user