wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5892 from tatowicz/decodealtnames-fuzz-fix

Browse Source 
Add Overflow check to DecodeAltNames input buffer access
This commit is contained in:
David Garske
2022-12-15 09:21:37 -08:00
committed by GitHub
parent a3f3c76faa 370e0ce0f4
commit d46813953d
1 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
wolfcrypt/src/asn.c
View File

@@ -17338,6 +17338,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
byte current_byte;
WOLFSSL_ENTER("DecodeAltNames"); WOLFSSL_ENTER("DecodeAltNames");
@@ -17362,13 +17363,19 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
cert->weOwnAltNames = 1; cert->weOwnAltNames = 1;
while (length > 0) { while (length > 0) {
byte b = input[idx++]; /* Verify idx can't overflow input buffer */
if (idx >= (word32)sz) {
WOLFSSL_MSG("\tBad Index");
return BUFFER_E;
}
current_byte = input[idx++];
length--; length--;
/* Save DNS Type names in the altNames list. */ /* Save DNS Type names in the altNames list. */
/* Save Other Type names in the cert's OidMap */ /* Save Other Type names in the cert's OidMap */
if (b == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) { if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
DNS_entry* dnsEntry; DNS_entry* dnsEntry;
int strLen; int strLen;
word32 lenStartIdx = idx; word32 lenStartIdx = idx;
@@ -17403,7 +17410,8 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
idx += strLen; idx += strLen;
} }
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { else if (current_byte ==
(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
DNS_entry* dirEntry; DNS_entry* dirEntry;
int strLen; int strLen;
word32 lenStartIdx = idx; word32 lenStartIdx = idx;
@@ -17442,7 +17450,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
length -= strLen; length -= strLen;
idx += strLen; idx += strLen;
} }
else if (b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
DNS_entry* emailEntry; DNS_entry* emailEntry;
int strLen; int strLen;
word32 lenStartIdx = idx; word32 lenStartIdx = idx;
@@ -17477,7 +17485,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
length -= strLen; length -= strLen;
idx += strLen; idx += strLen;
} }
else if (b == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) { else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
DNS_entry* uriEntry; DNS_entry* uriEntry;
int strLen; int strLen;
word32 lenStartIdx = idx; word32 lenStartIdx = idx;
@@ -17548,7 +17556,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
idx += strLen; idx += strLen;
} }
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
else if (b == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
DNS_entry* ipAddr; DNS_entry* ipAddr;
int strLen; int strLen;
word32 lenStartIdx = idx; word32 lenStartIdx = idx;
@@ -17597,8 +17605,8 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
} }
#endif /* WOLFSSL_QT || OPENSSL_ALL */ #endif /* WOLFSSL_QT || OPENSSL_ALL */
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) else if (current_byte ==
{ (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
int strLen; int strLen;
word32 lenStartIdx = idx; word32 lenStartIdx = idx;
word32 oid = 0; word32 oid = 0;