Fix possible memcpy length overflow in wolfSSL_d2i_ASN1_INTEGER

This commit is contained in:
Paul Adelsbach
2026-07-07 17:41:49 -07:00
parent a296ac07fc
commit f842e33145
2 changed files with 13 additions and 0 deletions
+5
View File
@@ -1368,6 +1368,11 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
WOLFSSL_MSG("ASN.1 length not valid.");
err = 1;
}
/* Check that len + idx won't overflow a signed int */
if ((!err) && (len > INT_MAX - (int)idx)) {
WOLFSSL_MSG("ASN.1 length too large.");
err = 1;
}
/* Allocate a new ASN.1 INTEGER object. */
if ((!err) && ((ret = wolfSSL_ASN1_INTEGER_new()) == NULL)) {
err = 1;