WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #290 from ejohnstown/user-auth-bounds 

User Authentication Bounds Checks
pull/292/head
JacobBarthelmeh 2020-10-07 17:15:57 -06:00 committed by GitHub
parent 06ea6eb2d0 0e065459bc
commit b2d2edc6d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/internal.c
View File

@ -3886,18 +3886,35 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
if (ret == WS_SUCCESS)
ret = GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
if (pk->publicKeyTypeSz > len - begin) {
ret = WS_BUFFER_E;
}
}
if (ret == WS_SUCCESS) {
pk->publicKeyType = buf + begin;
begin += pk->publicKeyTypeSz;
ret = GetUint32(&pk->publicKeySz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
if (pk->publicKeySz > len - begin) {
ret = WS_BUFFER_E;
}
}
if (ret == WS_SUCCESS) {
pk->publicKey = buf + begin;
begin += pk->publicKeySz;
if (pk->hasSignature) {
ret = GetUint32(&pk->signatureSz, buf, len, &begin);
if (ret == WS_SUCCESS) {
if (pk->signatureSz > len - begin) {
ret = WS_BUFFER_E;
}
}
if (ret == WS_SUCCESS) {
pk->signature = buf + begin;
begin += pk->signatureSz;
@ -4043,6 +4060,12 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
ret = GetUint32(&authData.usernameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
if (authData.usernameSz > len - begin) {
ret = WS_BUFFER_E;
}
}
if (ret == WS_SUCCESS) {
authData.username = buf + begin;
begin += authData.usernameSz;
@ -4050,6 +4073,12 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
ret = GetUint32(&authData.serviceNameSz, buf, len, &begin);
}
if (ret == WS_SUCCESS) {
if (authData.serviceNameSz > len - begin) {
ret = WS_BUFFER_E;
}
}
if (ret == WS_SUCCESS) {
authData.serviceName = buf + begin;
begin += authData.serviceNameSz;