check sigAlgs.size against WOLFSSL_MAX_SIGALGO

2025-07-31 19:24:42 +02:00 · 2025-07-07 11:51:29 -06:00
parent f44178ca1b
commit f62d0fa256
1 changed files with 2 additions and 0 deletions
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -678,6 +678,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
            ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
        if ((sigAlgs.size % 2) != 0)
            ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
+        if (sigAlgs.size > WOLFSSL_MAX_SIGALGO)
+            ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
        suites.hashSigAlgoSz = (word16)sigAlgs.size;
        XMEMCPY(suites.hashSigAlgo, sigAlgs.elements, sigAlgs.size);
        haveSA = 1;