Fix dataASN null pointer dereference in asn.c.

jordan
2024-02-28 15:37:55 -06:00
parent 6500444b26
commit c24add5da9
2 changed files with 27 additions and 14 deletions


@ -3097,6 +3097,7 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
if (isRequest) { if (isRequest) {
int ret = 0;
word16 offset = 0; word16 offset = 0;
word16 length = 0; word16 length = 0;
@ -3110,12 +3111,16 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
/* request extensions */ /* request extensions */
if (csr->request.ocsp.nonceSz) if (csr->request.ocsp.nonceSz) {
length = (word16)EncodeOcspRequestExtensions( ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp,
&csr->request.ocsp,
output + offset + OPAQUE16_LEN, output + offset + OPAQUE16_LEN,
OCSP_NONCE_EXT_SZ); OCSP_NONCE_EXT_SZ);
if (ret > 0) {
length = (word16)ret;
}
}
c16toa(length, output + offset); c16toa(length, output + offset);
offset += OPAQUE16_LEN + length; offset += OPAQUE16_LEN + length;
@ -3558,6 +3563,7 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
if (isRequest) { if (isRequest) {
int ret = 0;
word16 offset; word16 offset;
word16 length; word16 length;
@ -3585,12 +3591,17 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
/* request extensions */ /* request extensions */
length = 0; length = 0;
if (csr2->request.ocsp[0].nonceSz) if (csr2->request.ocsp[0].nonceSz) {
length = (word16)EncodeOcspRequestExtensions( ret = (int)EncodeOcspRequestExtensions(
&csr2->request.ocsp[0], &csr2->request.ocsp[0],
output + offset + OPAQUE16_LEN, output + offset + OPAQUE16_LEN,
OCSP_NONCE_EXT_SZ); OCSP_NONCE_EXT_SZ);
if (ret > 0) {
length = (word16)ret;
}
}
c16toa(length, output + offset); c16toa(length, output + offset);
offset += OPAQUE16_LEN + length; offset += OPAQUE16_LEN + length;
break; break;
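Review bot: In both TLSX_CSR_Write and TLSX_CSR2_Write a failed EncodeOcspRequestExtensions call is now dropped silently: when `ret` is not positive, `length` stays 0 and the status request is written with an empty request-extensions field even though `nonceSz` is non-zero. An allocation or buffer error in the encoder therefore yields an OCSP request without its nonce, which weakens replay protection for the response. If the matching size routine still counts OCSP_NONCE_EXT_SZ (not visible here), the bytes written would also disagree with the size computed earlier. Both functions return word16 and cannot report the error, so at least record it after the `if (ret > 0)` block, e.g. `else { WOLFSSL_MSG("OCSP nonce extension encode failed, nonce omitted"); }`, and document the cast with `/* returns word32; an error code is presumably carried back through the (int) cast */`. Both function bodies start and end outside these hunks.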


@ -36359,18 +36359,20 @@ word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size)
/* Check request has nonce to write in extension. */ /* Check request has nonce to write in extension. */
if (req != NULL && req->nonceSz != 0) { if (req != NULL && req->nonceSz != 0) {
DECL_ASNSETDATA(dataASN, ocspNonceExtASN_Length); DECL_ASNSETDATA(dataASN, ocspNonceExtASN_Length);
int sz; int sz = 0;
CALLOC_ASNSETDATA(dataASN, ocspNonceExtASN_Length, ret, req->heap); CALLOC_ASNSETDATA(dataASN, ocspNonceExtASN_Length, ret, req->heap);
/* Set nonce extension OID and nonce. */ if ((ret == 0) && (output != NULL)) {
SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], NonceObjId, /* Set nonce extension OID and nonce. */
sizeof(NonceObjId)); SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], NonceObjId,
SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], req->nonce, sizeof(NonceObjId));
(word32)req->nonceSz); SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], req->nonce,
/* Calculate size of nonce extension. */ (word32)req->nonceSz);
ret = SizeASN_Items(ocspNonceExtASN, dataASN, ocspNonceExtASN_Length, /* Calculate size of nonce extension. */
&sz); ret = SizeASN_Items(ocspNonceExtASN, dataASN,
ocspNonceExtASN_Length, &sz);
}
/* Check buffer big enough for encoding if supplied. */ /* Check buffer big enough for encoding if supplied. */
if ((ret == 0) && (output != NULL) && (sz > (int)size)) { if ((ret == 0) && (output != NULL) && (sz > (int)size)) {
ret = BUFFER_E; ret = BUFFER_E;
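Review bot: The new guard `if ((ret == 0) && (output != NULL))` skips SizeASN_Items whenever `output` is NULL, so `sz` keeps its new initial value 0. Only the `ret == 0` half is needed to keep the SetASN_Buffer calls away from a `dataASN` left NULL by a failed CALLOC_ASNSETDATA. The comment that follows, "Check buffer big enough for encoding if supplied", suggests a NULL `output` is an accepted size-only call. If the function returns `sz` (its end is outside this hunk), such a call would now report 0 instead of the encoded length. If that mode should keep working, guard on the allocation result alone, `if (ret == 0) {`, with a comment above it such as `/* dataASN is NULL when allocation failed; do not touch it */`.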