add sanity check on serial size

2025-07-29 18:27:29 +02:00 · 2021-03-25 22:59:14 +07:00
parent 9ea60db80a
commit b4c0301f57
1 changed files with 5 additions and 3 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -41269,9 +41269,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
                WOLFSSL_MSG("Serial size error");
                return WOLFSSL_FAILURE;
            }
-            if ((int)sizeof(cert->serial) < serialSz) {
-                WOLFSSL_MSG("Serial buffer too small");
-                return BUFFER_E;
+
+            if (serialSz > EXTERNAL_SERIAL_SIZE ||
+                    serialSz > CTC_SERIAL_SIZE) {
+                WOLFSSL_MSG("Serial size too large error");
+                return WOLFSSL_FAILURE;
            }
            XMEMCPY(cert->serial, serial, serialSz);
            cert->serialSz = serialSz;