wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

add sanity check on PKCS7 index value

Browse Source
This commit is contained in:
JacobBarthelmeh
2023-04-25 08:30:33 -07:00
parent 3e5c8af571
commit d701a0a06e
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wolfcrypt/src/pkcs7.c
View File

@ -9733,6 +9733,10 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
*idx += (dateLen + 1); *idx += (dateLen + 1);
} }
if (*idx > pkiMsgSz) {
return ASN_PARSE_E;
}
/* may have OPTIONAL OtherKeyAttribute */ /* may have OPTIONAL OtherKeyAttribute */
localIdx = *idx; localIdx = *idx;
if ((*idx < kekIdSz) && GetASNTag(pkiMsg, &localIdx, &tag, if ((*idx < kekIdSz) && GetASNTag(pkiMsg, &localIdx, &tag,
@ -9745,6 +9749,10 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
*idx += length; *idx += length;
} }
if (*idx > pkiMsgSz) {
return ASN_PARSE_E;
}
/* get KeyEncryptionAlgorithmIdentifier */ /* get KeyEncryptionAlgorithmIdentifier */
if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz) < 0) if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;