WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

wolfcrypt/src/asn.c: refactor _SMALL_STACK code path in ParseCRL_Extensions() to fix memory leaks and heap-use-after-free.

pull/5497/head
Daniel Pouzzner 2022-08-23 13:52:42 -05:00
parent dcebd0d349
commit 8f70f98640
1 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
wolfcrypt/src/asn.c
View File

@ -35019,46 +35019,44 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
} }
else { else {
if (length > 1) { if (length > 1) {
#ifdef WOLFSSL_SMALL_STACK
mp_int* m;
#else
mp_int m[1];
#endif
int i; int i;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
m = (mp_int*)XMALLOC(sizeof(*m), NULL, mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
DYNAMIC_TYPE_BIGINT); DYNAMIC_TYPE_BIGINT);
if (m == NULL) { if (m == NULL) {
return MEMORY_E; return MEMORY_E;
} }
#else
mp_int m[1];
#endif #endif
if (mp_init(m) != MP_OKAY) { if (mp_init(m) != MP_OKAY) {
return MP_INIT_E; ret = MP_INIT_E;
} }
ret = mp_read_unsigned_bin(m, buf + idx, length); if (ret == 0)
if (ret != MP_OKAY) { ret = mp_read_unsigned_bin(m, buf + idx, length);
mp_free(m); if (ret != MP_OKAY)
#ifdef WOLFSSL_SMALL_STACK ret = BUFFER_E;
XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
#endif
return BUFFER_E;
}
dcrl->crlNumber = 0; if (ret == 0) {
for (i = 0; i < (*m).used; ++i) { dcrl->crlNumber = 0;
if (i > (int)sizeof(word32)) { for (i = 0; i < (*m).used; ++i) {
if (i > (int)sizeof(word32)) {
break; break;
}
dcrl->crlNumber |= ((word32)(*m).dp[i]) <<
(DIGIT_BIT * i);
} }
dcrl->crlNumber |= ((word32)(*m).dp[i]) <<
(DIGIT_BIT * i);
} }
mp_free(m);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(m, NULL, DYNAMIC_TYPE_BIGINT); XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
#endif #endif
mp_free(m);
if (ret != 0)
return ret;
} }
else { else {
dcrl->crlNumber = buf[idx]; dcrl->crlNumber = buf[idx];