From e6252a94ce1278144e80e11e29d20bb6d4971567 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 27 Aug 2019 14:18:23 -0600 Subject: [PATCH] check attrib->value and attrib->valueSz before use --- wolfcrypt/src/pkcs7.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index ebc2f4228..c41d6b724 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -3447,6 +3447,9 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, } /* advance past attrib->value ASN.1 header and length */ + if (attrib->value == NULL || attrib->valueSz == 0) + return ASN_PARSE_E; + if (attrib->value[idx++] != ASN_OCTET_STRING) return ASN_PARSE_E;