Merge pull request #3386 from ejohnstown/dh-maint

Fuzz Fix
David Garske 2020-10-13 15:47:11 -07:00 committed by GitHub
commit 232028d03b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -21151,21 +21151,24 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
int group = 0;
#endif
ssl->buffers.weOwnDH = 1;
if (ssl->buffers.weOwnDH) {
if (ssl->buffers.serverDH_P.buffer) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
}
if (ssl->buffers.serverDH_P.buffer) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
}
if (ssl->buffers.serverDH_G.buffer) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
}
if (ssl->buffers.serverDH_G.buffer) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
}
if (ssl->buffers.serverDH_Pub.buffer) {
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_Pub.buffer = NULL;
if (ssl->buffers.serverDH_Pub.buffer) {
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_Pub.buffer = NULL;
}
}
/* p */
@ -21208,6 +21211,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
/* g */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk);
}
@ -21215,6 +21221,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
args->idx += OPAQUE16_LEN;
if ((args->idx - args->begin) + length > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk);
}
@ -21224,6 +21233,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
ssl->buffers.serverDH_G.length = length;
}
else {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
ERROR_OUT(MEMORY_ERROR, exit_gdpk);
}
@ -21233,6 +21245,12 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
/* pub */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk);
}
@ -21240,6 +21258,12 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
args->idx += OPAQUE16_LEN;
if ((args->idx - args->begin) + length > size) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(BUFFER_ERROR, exit_gdpk);
}
@ -21249,11 +21273,18 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
ssl->buffers.serverDH_Pub.length = length;
}
else {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(MEMORY_ERROR, exit_gdpk);
}
XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx,
length);
ssl->buffers.weOwnDH = 1;
args->idx += length;
#ifdef HAVE_FFDHE