WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Additional max index and serial number size checks in "GetSerialNumber".

pull/512/head
David Garske 2016-08-03 17:04:44 -07:00
parent 9ddfe93c43
commit 96da2df7ec
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
wolfcrypt/src/asn.c
View File

@ -5291,6 +5291,10 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
} }
/* First byte is ASN type */ /* First byte is ASN type */
if ((*inOutIdx+1) > maxIdx) {
WOLFSSL_MSG("Bad idx first");
return BUFFER_E;
}
b = input[*inOutIdx]; b = input[*inOutIdx];
*inOutIdx += 1; *inOutIdx += 1;
@ -5303,11 +5307,17 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if (*serialSz > EXTERNAL_SERIAL_SIZE) { if (*serialSz < 0 || *serialSz > EXTERNAL_SERIAL_SIZE) {
WOLFSSL_MSG("Serial Size too big"); WOLFSSL_MSG("Serial size bad");
return ASN_PARSE_E; return ASN_PARSE_E;
} }
/* serial size check */
if ((*inOutIdx + *serialSz) > maxIdx) {
WOLFSSL_MSG("Bad idx serial");
return BUFFER_E;
}
/* skip padding */ /* skip padding */
if (input[*inOutIdx] == 0x00) { if (input[*inOutIdx] == 0x00) {
*serialSz -= 1; *serialSz -= 1;