add sanity check on buffer size

2021-09-10 16:49:42 -06:00 · 2021-09-10 16:49:42 -06:00 · ae4766ae96
parent 42db91e454
commit ae4766ae96
2 changed files with 22 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -26934,6 +26934,10 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
    if (ret != 0)
        return ret;

+    /* check that the value found is not too large for pubKey buffer */
+    if (inSz - *inOutIdx > *pubKeyLen)
+        return ASN_PARSE_E;
+
    /* This is the raw point data compressed or uncompressed. */
    *pubKeyLen = inSz - *inOutIdx;
    XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -26031,6 +26031,17 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
        0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
        0xf7,0x07,0x51,0x1a
    };
+
+    /* size has been altered to catch if sanity check is done */
+    static byte badPublicEd25519[] = {
+        0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
+        0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
+        0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
+        0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
+        0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
+        0xf7,0x07,0x51,0x1a,
+        0x00 /* add an additional byte to make the pubkey appear bigger */
+    };
    static byte privPubEd25519[] = {
        0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
        0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
@ -26167,6 +26178,13 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
                != BAD_FUNC_ARG)
        return -11131;

+
+    /* try with a buffer size that is too large */
+    idx = 0;
+    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
+                                  sizeof(badPublicEd25519)) == 0)
+        return -11140;
+
    idx = 0;
    if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
                                  sizeof(publicEd25519)) != 0)