Check length to avoid XSTRNCMP accessing memory after list

2020-03-06 17:13:59 +01:00 · 2020-03-06 17:13:59 +01:00 · fe9a876895
commit fe9a876895
parent 420e597c16
2 changed files with 3 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -33160,7 +33160,8 @@ static int populate_groups(int* groups, int max_count, char *list)
            return -1;
        }
        for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
-            if (XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
+            if (len == nist_name->name_len &&
+                    XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
                break;
            }
        }
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -4239,7 +4239,7 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";

 #ifdef OPENSSL_EXTRA
 typedef struct {
-    int name_len;
+    size_t name_len;
    const char *name;
    int nid;
 } WOLF_EC_NIST_NAME;