From 50a7243486d5e92704c89bb5279a9b7e0a95bf0e Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 5 Jul 2024 11:53:19 -0600
Subject: [PATCH] fix for coverity issue 394670 possible overflow
---
 src/ssl_load.c | 2 +-
 wolfcrypt/src/dh.c | 8 ++++++++
 wolfcrypt/test/test.c | 5 +++++
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/ssl_load.c b/src/ssl_load.c
index 30245bfb6..06f8b84f9 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -5563,7 +5563,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
 ret = wolfssl_ctx_set_tmp_dh(ctx, p, pSz, g, gSz);
 }
- if (ret != 1) {
+ if (ret != 1 && ctx != NULL) {
 /* Free the allocated buffers if not assigned into SSL. */
 XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 041915998..28ed1978d 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -2940,6 +2940,14 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 if (ret == 0) {
 /* modulus size in bytes */
 modSz /= WOLFSSL_BIT_SIZE;
+
+ if ((word32)modSz < groupSz) {
+ WOLFSSL_MSG("DH modSz was too small");
+ ret = BAD_FUNC_ARG;
+ }
+ }
+
+ if (ret == 0) {
 bufSz = (word32)modSz - groupSz;
 /* allocate ram */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ebd0075a0..f25236676 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -22272,6 +22272,11 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng)
 if (ret != 0)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
+ /* should fail since modSz is 16 and group size is 20 */
+ ret = wc_DhGenerateParams(rng, 128, smallKey);
+ if (ret == 0)
+ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
+
 ret = wc_DhGenerateParams(rng, 2056, smallKey);
 if (ret != 0)
 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
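Review bot: In src/ssl_load.c the new `ctx != NULL` condition skips both XFREE calls instead of freeing without a heap hint, so the cleanup path is leak-free only if p and g can never have been allocated while ctx is NULL. The allocation code sits above this hunk (wolfSSL_CTX_set_tmp_dh starts outside it), so that invariant cannot be confirmed from the visible lines. If it holds, state it next to the guard so a later refactor does not break it silently, e.g. `/* ctx == NULL is rejected before p/g are allocated, so there is nothing to free. */`.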
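Review bot: In wolfcrypt/src/dh.c the added guard `(word32)modSz < groupSz` still lets two inputs reach `bufSz = (word32)modSz - groupSz`: a modSz equal to groupSz, which yields bufSz 0 and a zero-length request at the allocation that follows, and a negative modSz, which the cast turns into a large word32 that passes the comparison. Validation of modSz earlier in wc_DhGenerateParams is outside this hunk and may already exclude both cases, so treat this as something to confirm. If it does not, `if (modSz <= 0 || (word32)modSz <= groupSz) {` closes the gap without changing the error path. The function begins above and continues below the hunk.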
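Review bot: In wolfcrypt/test/test.c the negative test for `wc_DhGenerateParams(rng, 128, smallKey)` accepts any nonzero return, so it would keep passing if the call failed for an unrelated reason (RNG or allocation error) while the new size check regressed. Pin the expected code with `if (ret != BAD_FUNC_ARG)`, provided no earlier validation path returns a different error for this size. Note also that in the failing branch ret is 0, so `WC_TEST_RET_ENC_EC(ret)` presumably encodes no useful error code for that report. dh_generate_test starts and ends outside the hunk.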