do bounds check on full word32 size to match

inputBuffer length
John Bland
2024-01-03 17:21:08 -05:00
parent e641c6b738
commit e1435e96d2


@ -21162,16 +21162,19 @@ default:
ssl->keys.decryptedCur = 1;
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
/* end of plaintext */
word16 i = (word16)(ssl->buffers.inputBuffer.idx +
ssl->curSize - ssl->specs.aead_mac_size);
/* check i isn't too big and won't wrap around on --i */
if (i > ssl->buffers.inputBuffer.length || i == 0) {
/* check that the end of the logical length doesn't extend
* past the real buffer */
word32 boundsCheck = (ssl->buffers.inputBuffer.idx +
ssl->curSize - ssl->specs.aead_mac_size);
if (boundsCheck > ssl->buffers.inputBuffer.length ||
boundsCheck == 0) {
WOLFSSL_ERROR(BUFFER_ERROR);
return BUFFER_ERROR;
}
/* end of plaintext */
word16 i = (word16)(boundsCheck);
/* Remove padding from end of plain text. */
for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
if (ssl->buffers.inputBuffer.buffer[i] != 0)