reject negative pemSz in PEM-to-DER APIs
+14
@@ -11869,6 +11869,10 @@ static int test_wc_CertPemToDer(void)
|
||||
(int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1,
|
||||
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_CertPemToDer(cert_buf, -1, cert_der, (int)cert_dersz,
|
||||
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_CertPemToDer(cert_buf, 0, cert_der, (int)cert_dersz,
|
||||
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
if (cert_der != NULL)
|
||||
free(cert_der);
|
||||
@@ -11925,6 +11929,12 @@ static int test_wc_KeyPemToDer(void)
|
||||
ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
/* Bad arg: negative or zero pemSz */
|
||||
ExpectIntEQ(wc_KeyPemToDer(cert_buf, -1, (byte*)&cert_der, cert_sz, ""),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_KeyPemToDer(cert_buf, 0, (byte*)&cert_der, cert_sz, ""),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
/* Test normal operation */
|
||||
cert_dersz = cert_sz; /* DER will be smaller than PEM */
|
||||
ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz));
|
||||
@@ -11968,6 +11978,10 @@ static int test_wc_PubKeyPemToDer(void)
|
||||
ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0);
|
||||
cert_dersz = cert_sz; /* DER will be smaller than PEM */
|
||||
ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
|
||||
ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, -1, cert_der, (int)cert_dersz),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, 0, cert_der, (int)cert_dersz),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der,
|
||||
(int)cert_dersz), 0);
|
||||
if (cert_der != NULL) {
|
||||
|
||||
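Review bot: The two new wc_KeyPemToDer checks in test_wc_KeyPemToDer pass `(byte*)&cert_der` as the output buffer while advertising `cert_sz` bytes of space, but that address is the pointer variable itself and is only `sizeof(byte*)` bytes wide. The call is expected to return before writing anything, yet if the `pemSz <= 0` guard ever regresses, the test could overwrite the stack instead of failing cleanly. Moving both checks below the `malloc` under "Test normal operation" and passing the real buffer, e.g. `ExpectIntEQ(wc_KeyPemToDer(cert_buf, -1, cert_der, (int)cert_dersz, ""), WC_NO_ERR_TRACE(BAD_FUNC_ARG));`, would match what the test_wc_PubKeyPemToDer hunk already does. A case with a NULL output buffer and a negative `pemSz` would also pin the other branch of the new condition. The test functions start and end outside the hunks shown.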
+3
-3
@@ -24322,7 +24322,7 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
|
||||
|
||||
WOLFSSL_ENTER("wc_KeyPemToDer");
|
||||
|
||||
if (pem == NULL || (buff != NULL && buffSz <= 0)) {
|
||||
if (pem == NULL || (buff != NULL && buffSz <= 0) || pemSz <= 0) {
|
||||
WOLFSSL_MSG("Bad pem der args");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -24373,7 +24373,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz,
|
||||
|
||||
WOLFSSL_ENTER("wc_CertPemToDer");
|
||||
|
||||
if (pem == NULL || buff == NULL || buffSz <= 0) {
|
||||
if (pem == NULL || buff == NULL || buffSz <= 0 || pemSz <= 0) {
|
||||
WOLFSSL_MSG("Bad pem der args");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -24420,7 +24420,7 @@ int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
|
||||
|
||||
WOLFSSL_ENTER("wc_PubKeyPemToDer");
|
||||
|
||||
if (pem == NULL || (buff != NULL && buffSz <= 0)) {
|
||||
if (pem == NULL || (buff != NULL && buffSz <= 0) || pemSz <= 0) {
|
||||
WOLFSSL_MSG("Bad pem der args");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
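Review bot: The new condition in wc_KeyPemToDer, wc_CertPemToDer and wc_PubKeyPemToDer rejects `pemSz == 0` as well as negative values, while the commit title mentions only negative sizes, so callers that presumably got a parse error for empty input before will now see `BAD_FUNC_ARG`. That is likely intended, but the API documentation for the three functions should state that `pemSz` must be greater than zero. A short comment above each check would also help the next reader, for example `/* pemSz is a signed int: reject zero and negative lengths before any parsing */`. The function bodies continue outside the hunks, so whether a shared helper re-validates the length cannot be seen here.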