Merge pull request #4752 from LinuxJedi/fix-ber-der

Fix buffer overflows in BERtoDER
2025-08-02 04:04:39 +02:00 · 2022-01-17 21:05:39 -07:00
parent 84b06ac1b6 1a4bc322f7
commit e11d484746
1 changed files with 23 additions and 6 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -4451,17 +4451,32 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                    return ret;
                pkiMsg   = in = pkcs7->der;
-                pkiMsgSz = pkcs7->derSz = len;
+                pkiMsgSz = inSz = pkcs7->derSz = len;
                idx = 0;
                if (GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz,
                            NO_USER_CHECK) < 0)
                    return ASN_PARSE_E;
            #ifndef NO_PKCS7_STREAM
                wc_PKCS7_ResetStream(pkcs7);
                if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
                                MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_SEQ_SZ +
                                MAX_LENGTH_SZ + ASN_TAG_SZ + MAX_OID_SZ +
                                MAX_SEQ_SZ, &pkiMsg, &idx)) != 0) {
                    break;
                }
                pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
                                                        inSz;
                totalSz = pkiMsgSz;
                if (pkiMsg2 && pkiMsg2Sz > 0) {
                    totalSz += pkiMsg2Sz + pkcs7->contentSz;
                }
                if ((ret = wc_PKCS7_SetMaxStream(pkcs7, in, len)) != 0) {
                    break;
                }
            #endif
                if (GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz,
                            NO_USER_CHECK) < 0)
                    return ASN_PARSE_E;
        #else
                ret = BER_INDEF_E;
        #endif
@@ -10497,8 +10512,10 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
        #ifdef ASN_BER_TO_DER
            /* check if content was BER and has been converted to DER */
-            if (pkcs7->derSz > 0)
+            if (pkcs7->derSz > 0) {
                pkiMsg = in = pkcs7->der;
                pkiMsgSz = inSz = pkcs7->derSz;
            }
        #endif
            decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,