Merge pull request #4912 from julek-wolfssl/ZD13742

Check `input` size in `DecodeNsCertType`
This commit is contained in:
David Garske 2022-03-03 08:22:49 -08:00 committed by GitHub
commit 2567cd5e5a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -15876,13 +15876,16 @@ static int DecodeNsCertType(const byte* input, int sz, DecodedCert* cert)
int len = 0;
WOLFSSL_ENTER("DecodeNsCertType");
if (CheckBitString(input, &idx, &len, (word32)sz, 0, NULL) < 0) {
if (CheckBitString(input, &idx, &len, (word32)sz, 0, NULL) < 0)
return ASN_PARSE_E;
}
/* Don't need to worry about unused bits as CheckBitString makes sure
* they're zero. */
cert->nsCertType = input[idx];
if (idx < (word32)sz)
cert->nsCertType = input[idx];
else
return ASN_PARSE_E;
return 0;
}