From e1890a4b0e7e8708489728446235b226fd6c7cbf Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 6 Jun 2018 09:23:54 -0700
Subject: [PATCH] Added some bad argument checks on compatibility functions `BIO_new_mem_buf` and `PEM_read_bio_PrivateKey`.
---
 src/ssl.c | 11 +++++++++--
 tests/api.c | 10 +++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 8fbf2ce65..e0ce59235 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11599,12 +11599,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len)
 {
 WOLFSSL_BIO* bio = NULL;
- if (buf == NULL)
+
+ if (buf == NULL || len < 0) {
 return bio;
+ }
 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- if (bio == NULL)
+ if (bio == NULL) {
 return bio;
+ }
 bio->memLen = bio->wrSz = len;
 bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
@@ -27389,6 +27392,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
 WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey");
+ if (bio == NULL) {
+ return pkey;
+ }
+
 if ((ret = wolfSSL_BIO_pending(bio)) > 0) {
 memSz = ret;
 mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
diff --git a/tests/api.c b/tests/api.c
index c867b442d..0340372e9 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -15712,7 +15712,10 @@ static void test_wolfSSL_PEM_PrivateKey(void)
 AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS);
- /* test of creating new EVP_PKEY */
+ /* test creating new EVP_PKEY with bad arg */
+ AssertNull((pkey2 = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
+
+ /* test creating new EVP_PKEY with good args */
 AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
 AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
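Review bot: The new `len < 0` guard in `wolfSSL_BIO_new_mem_buf` (src/ssl.c, first hunk) also rejects `len == -1`, which OpenSSL's `BIO_new_mem_buf` documents as meaning the buffer is NUL-terminated and its length is taken with `strlen`. Code ported from OpenSSL that relies on this now gets NULL back. If the compatibility layer is meant to match, keep `if (buf == NULL) return bio;` and follow it with `if (len < 0) len = (int)XSTRLEN((const char*)buf);`; the `BIO_new_mem_buf((void*)msg, -1)` assertion in tests/api.c would then change with it. Otherwise a comment such as `/* negative len (OpenSSL: -1 means strlen(buf)) is not supported */` above the guard documents the difference. The function continues past the `XMALLOC` line outside the hunk, so whether the allocation result is checked cannot be seen here.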
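Review bot: The early return added to `wolfSSL_PEM_read_bio_PrivateKey` (src/ssl.c, second hunk) hands back `pkey`, whose declaration and initial value are outside the hunk, so the NULL result for a bad `bio` depends on an initialiser that a later edit could change. `return NULL;` would state the contract directly. This path also leaves after `WOLFSSL_ENTER` without any trace; a line such as `WOLFSSL_MSG("Bad function argument");` before the return would make the rejection visible in debug logs. The function starts and ends outside the hunk.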
@@ -17518,6 +17521,11 @@ static void test_wolfSSL_BIO_gets(void)
 printf(testingFmt, "wolfSSL_X509_BIO_gets()");
+ /* try with bad args */
+ AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
+ AssertNull(bio = BIO_new_mem_buf((void*)msg, -1));
+
+ /* try with real msg */
 AssertNotNull(bio = BIO_new_mem_buf((void*)msg, sizeof(msg)));
 XMEMSET(buffer, 0, bufferSz);
 AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
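Review bot: The bad-argument cases in `test_wolfSSL_BIO_gets` cover a NULL buffer and `-1`, but not the `len == 0` boundary. A zero length passes the new guard in `wolfSSL_BIO_new_mem_buf` and reaches `XMALLOC(len, ...)`, and what a zero-size request returns depends on the configured allocator. Adding a case such as `bio = BIO_new_mem_buf((void*)msg, 0);` with the intended result asserted, and `BIO_free(bio);` if it is non-NULL, would pin that boundary. The test function continues outside the hunk.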