Merge pull request #4267 from elms/key_overflow
tls13: avoid buffer overflow with size check
commit
0e4b200df1
@ -6073,6 +6073,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
|
|
||||||
case TLS_ASYNC_BUILD:
|
case TLS_ASYNC_BUILD:
|
||||||
{
|
{
|
||||||
|
int rem = ssl->buffers.outputBuffer.bufferSize
|
||||||
|
- ssl->buffers.outputBuffer.length
|
||||||
|
- RECORD_HEADER_SZ - HANDSHAKE_HEADER_SZ;
|
||||||
|
|
||||||
/* idx is used to track verify pointer offset to output */
|
/* idx is used to track verify pointer offset to output */
|
||||||
args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
||||||
args->verify =
|
args->verify =
|
||||||
@ -6092,6 +6096,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||||||
goto exit_scv;
|
goto exit_scv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (rem < 0 || args->length > rem) {
|
||||||
|
ERROR_OUT(BUFFER_E, exit_scv);
|
||||||
|
}
|
||||||
|
|
||||||
if (args->length == 0) {
|
if (args->length == 0) {
|
||||||
ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
|
ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
|
||||||
}
|
}
|
||||||
|
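Review bot: The new bound `args->length > rem` in the second hunk appears to cover only the signature bytes, while `rem` is measured from just after the record and handshake headers. A TLS 1.3 CertificateVerify body also carries a 2-byte signature scheme and a 2-byte length ahead of the signature, so if `args->length` is the signature size (its assignment is outside the hunk), a signature that exactly fits `rem` could still end up to four bytes past the output buffer. Consider reserving those fields in the test, e.g. `if (rem < HASH_SIG_SIZE + VERIFY_HEADER || args->length > rem - (HASH_SIG_SIZE + VERIFY_HEADER))`, assuming those are the constants this function uses for them. `rem` is also an `int` computed from buffer-size fields whose types are not visible here; if they are unsigned, the `rem < 0` test relies on the wrapped difference converting to a negative value, which deserves a short comment next to the declaration. The body of SendTls13CertificateVerify starts and ends outside both hunks.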