
Commit 76ef664

committed
Fix wolfSSL_sk_X509_OBJECT_deep_copy to check CTC_MAX_SKID_SIZE
1 parent b17755b commit 76ef664

3 files changed

Lines changed: 355 additions & 18 deletions


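--- a/src/x509.c
+++ b/src/x509.c
@@ -11711,14 +11711,33 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_sk_X509_OBJECT_deep_copy(
 cert->isCA = req->isCa;
 cert->basicConstSet = req->basicConstSet;
 #ifdef WOLFSSL_CERT_EXT
-if (req->subjKeyIdSz != 0) {
-XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz);
-cert->skidSz = (int)req->subjKeyIdSz;
+if (req->subjKeyIdSz > CTC_MAX_SKID_SIZE) {
+WOLFSSL_MSG("Subject Key ID too large");
+WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+cert->skidSz = 0;
+ret = WOLFSSL_FAILURE;
+}
+else if (req->subjKeyIdSz > 0) {
+if (req->subjKeyId == NULL) {
+WOLFSSL_MSG("Subject Key ID missing");
+WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG);
+cert->skidSz = 0;
+ret = WOLFSSL_FAILURE;
+}
+else {
+XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz);
+cert->skidSz = (int)req->subjKeyIdSz;
+}
+}
+else {
+cert->skidSz = 0;
 }
-if (req->keyUsageSet)
-cert->keyUsage = req->keyUsage;
+if (ret == WOLFSSL_SUCCESS) {
+if (req->keyUsageSet)
+cert->keyUsage = req->keyUsage;
 
-cert->extKeyUsage = req->extKeyUsage;
+cert->extKeyUsage = req->extKeyUsage;
+}
 #endif
 
 XMEMCPY(cert->challengePw, req->challengePw, CTC_NAME_SIZE);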
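Review bot: After either error branch sets `ret = WOLFSSL_FAILURE`, execution still falls through to the `XMEMCPY(cert->challengePw, ...)` line after `#endif`; only the keyUsage/extKeyUsage copy is gated on `ret`. The rest of the function is outside the hunk, so it should be confirmed that nothing later assigns `ret` again and turns the oversized-SKID rejection back into success; an early `return WOLFSSL_FAILURE;` in both error branches would rule that out, provided no cleanup is pending at that point. The bound would also stay tied to the destination if written as `req->subjKeyIdSz > sizeof(cert->skid)`, assuming `cert->skid` is an array member. The hunk header names wolfSSL_sk_X509_OBJECT_deep_copy, but these lines copy from `req` into `cert`, so the commit title may be naming the hunk-context function rather than the one actually patched; worth correcting so the fix is findable in the history.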
