wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

check PKCS7 content length is not larger than bundle if not using separate header/footer

Browse Source
This commit is contained in:
Chris Conlon
2020-10-23 09:44:08 -07:00
parent a7b325f542
commit c27d5f57c4
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wolfcrypt/src/pkcs7.c
View File

@ -4397,6 +4397,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
/* support using header and footer without content */
if (pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0) {
localIdx = 0;
} else if (pkiMsg2 == NULL && hashBuf == NULL) {
/* header/footer not separate, check content length is
* not larger than total bundle size */
if ((localIdx + length) > pkiMsgSz) {
WOLFSSL_MSG("Content length detected is larger than "
"total bundle size");
ret = BUFFER_E;
break;
}
}
idx = localIdx;
}