Merge pull request #3190 from embhorn/zd10712

Sanity check key sizes
2025-07-31 19:24:42 +02:00 · 2020-08-12 09:37:40 -07:00
parent 21ed05b85e 50647ccdb1
commit e30341ea83
1 changed files with 3 additions and 0 deletions
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -615,6 +615,9 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
    digestSz = SrpHashSize(srp->type);
    secretSz = mp_unsigned_bin_size(&srp->N);

+    if ((secretSz < clientPubKeySz) || (secretSz < serverPubKeySz))
+        return BAD_FUNC_ARG;
+
    if ((secret = (byte*)XMALLOC(secretSz, srp->heap, DYNAMIC_TYPE_SRP)) ==NULL)
        return MEMORY_E;