WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #303 from guidovranken/27666 

Use overflow-safe bounds checking in DoKexDhReply
pull/309/head
David Garske 2021-01-13 07:13:29 -08:00 committed by GitHub
parent 707312065b 0484497905
commit 43d653867f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/internal.c
View File

@ -2989,15 +2989,16 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
if (ret == WS_SUCCESS) {
pubKeyIdx += scratch;
ret = GetUint32(&eSz, pubKey, pubKeySz, &pubKeyIdx);
if (ret == WS_SUCCESS && eSz > len - pubKeyIdx)
ret = WS_BUFFER_E;
}
if (ret == WS_SUCCESS) {
e = pubKey + pubKeyIdx;
pubKeyIdx += eSz;
ret = GetUint32(&nSz, pubKey, pubKeySz, &pubKeyIdx);
if (ret == WS_SUCCESS && (nSz + pubKeyIdx > len)) {
if (ret == WS_SUCCESS && nSz > len - pubKeyIdx)
ret = WS_BUFFER_E;
}
}
if (ret == WS_SUCCESS) {
n = pubKey + pubKeyIdx;
ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz,