diff --git a/src/internal.c b/src/internal.c
index 3555a96eb5..67b1df473d 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -17597,6 +17597,10 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 *inOutIdx += status_length;
 list_length -= status_length;
 }
+ if (idx >= MAX_CHAIN_DEPTH) {
+ ret = BUFFER_ERROR;
+ break;
+ }
 idx++;
 }
@@ -21240,7 +21244,8 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
 if (ssl->specs.cipher_type == block) {
 #ifdef HAVE_ENCRYPT_THEN_MAC
 if (ssl->options.startedETMRead) {
- if ((encryptSz - MacSize(ssl)) % ssl->specs.block_size) {
+ if (encryptSz < minLength ||
+ (encryptSz - MacSize(ssl)) % ssl->specs.block_size) {
 WOLFSSL_MSG("Block ciphertext not block size");
 WOLFSSL_ERROR_VERBOSE(SANITY_CIPHER_E);
 return SANITY_CIPHER_E;
diff --git a/src/ssl.c b/src/ssl.c
index 07434f66ce..b792be95fc 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -906,6 +906,9 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
 XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion));
 XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion));
+ /* dup side now owns encrypt/write ciphers */
+ XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
+
 #ifdef HAVE_ONE_TIME_AUTH
 #ifdef HAVE_POLY1305
 if (ssl->auth.setup && ssl->auth.poly1305 != NULL) {
@@ -918,9 +921,6 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
 #endif
 #endif
- /* dup side now owns encrypt/write ciphers */
- XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
-
 #ifdef WOLFSSL_TLS13
 if (IsAtLeastTLSv1_3(ssl->version)) {
 /* Copy TLS 1.3 application traffic secrets so the write side can
@@ -1274,7 +1274,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
 {
 const char* cipher;
- if (ssl == NULL)
+ if (ssl == NULL || len <= 0)
 return NULL;
 cipher = wolfSSL_get_cipher_name_iana(ssl);
diff --git a/src/tls13.c b/src/tls13.c
index e63e824d79..32428b2114 100644
--- a/src/tls13.c
+++ b/src/tls13.c
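Review bot: The new `idx >= MAX_CHAIN_DEPTH` guard in DoCertificateStatus runs after the loop body has already used `idx` for the current entry, so the body still executes once with `idx == MAX_CHAIN_DEPTH` before the guard fires on the following check; if that body (outside the hunk, as is the loop head) selects a slot in a MAX_CHAIN_DEPTH-sized table by `idx`, that one iteration is exactly the out-of-bounds access the guard is meant to stop. Placing the same test at the top of the loop body, `if (idx >= MAX_CHAIN_DEPTH) { ret = BUFFER_ERROR; break; }` before any use of `idx`, rejects the first entry that does not fit rather than the one after it. The `break` also leaves `list_length` non-zero, so whatever follows the loop should treat `ret != 0` as authoritative rather than the remaining length.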
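Review bot: The added `encryptSz < minLength` test in SanityCheckCipherText prevents the word32 underflow in `encryptSz - MacSize(ssl)` only if `minLength`, computed earlier in the function outside this hunk, is at least `MacSize(ssl)` on the encrypt-then-MAC path, and nothing in the hunk shows that relationship. Guarding against the value that is actually subtracted, `if (encryptSz < MacSize(ssl) || (encryptSz - MacSize(ssl)) % ssl->specs.block_size) {`, stays correct however minLength is derived; if minLength is deliberately the stronger bound, a comment on the condition saying that it includes the MAC size would make the underflow protection visible to the next reader.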
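Review bot: Moving `XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers))` ahead of the HAVE_ONE_TIME_AUTH block in DupSSL (this `@@ -906` hunk together with the `@@ -918` hunk that removes the old position) changes when ownership of the write ciphers transfers, but the comment carried along still only says `dup side now owns encrypt/write ciphers`, so the reason the placement matters is lost. If the poly1305 block between the two positions can return early on an allocation failure (its body is outside the hunk), then clearing first is what guarantees `ssl` and `dup` never both hold the same cipher handles on that path, which is the double-free the old order risked. Say so at the new position, e.g. `/* Transfer ownership before any early return below so ssl and dup never both free the write ciphers. */`; if the move was made for a different reason, name that instead.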
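Review bot: The widened guard in wolfSSL_get_shared_ciphers rejects `len <= 0` but still lets `buf == NULL` through; the remainder of the function (outside this hunk) presumably writes the cipher name into `buf`, and a NULL `buf` with a positive `len` then dereferences NULL. Extend the check to `if (ssl == NULL || buf == NULL || len <= 0)`. Since this is a public API, the header documentation should also state that NULL is returned for a NULL `ssl`/`buf` or a non-positive `len`, so callers do not rely on the old behaviour.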
@@ -2966,11 +2966,15 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
 const byte* aad, word16 aadSz)
 {
 int ret = 0;
- word16 dataSz = sz - ssl->specs.aead_mac_size;
+ word16 dataSz;
 word16 macSz = ssl->specs.aead_mac_size;
 word32 nonceSz = 0;
 WOLFSSL_ENTER("DecryptTls13");
+ if (sz < ssl->specs.aead_mac_size) {
+ return BAD_FUNC_ARG;
+ }
+ dataSz = sz - ssl->specs.aead_mac_size;
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
 ret = tsip_Tls13AesDecrypt(ssl, output, input, sz);
@@ -5873,7 +5877,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 * Increase size to handle other implementations sending more than one byte.
 * That is, allocate extra space, over one byte, to hold the context value.
 */
- certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx) + len - 1, ssl->heap,
+ certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx) + (len == 0 ? 0 : len - 1), ssl->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (certReqCtx == NULL)
 return MEMORY_E;
@@ -8766,8 +8770,8 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
 {
 word32 len;
- /* Is index at end of list. */
- if (*idx == length)
+ /* Would index read past end of list? */
+ if (*idx + 3 > length)
 return 0;
 /* Length of the current ASN.1 encoded certificate. */
@@ -8775,6 +8779,10 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
 /* Include the length field. */
 len += 3;
+ /* Ensure len does not overrun certificate list */
+ if (*idx + len > length)
+ return 0;
+
 /* Move index to next certificate and return the current certificate's
 * length. */
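Review bot: The new length check and the deferred `dataSz` assignment in DecryptTls13 re-read `ssl->specs.aead_mac_size` although `macSz` already holds that value on the line above; `if (sz < macSz) { return BAD_FUNC_ARG; } dataSz = sz - macSz;` ties the underflow guard visibly to the subtraction it protects and reads as one computation. Separately, `sz` is the record length supplied by the peer, so a record shorter than the AEAD tag is malformed input rather than a caller programming error; if the callers (outside this hunk) treat BAD_FUNC_ARG differently from the function's decryption-failure return, the latter may be the more accurate code, and at minimum a comment should say why BAD_FUNC_ARG was chosen. DecryptTls13's body continues past the end of the hunk.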
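Review bot: The rewritten XMALLOC line in DoTls13CertificateRequest now runs well past the 80-column width the surrounding lines keep to, and it buries the new `len == 0` case in the middle of the argument list. Wrapping it as `certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx) + (len == 0 ? 0 : len - 1),` / `ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);` keeps the limit, and the comment block just above (ending `to hold the context value.`) should add that the `- 1` accounts for the one context byte already inside CertReqCtx and must be skipped when the context is empty, since that is why the ternary exists; whether CertReqCtx really ends in a one-byte context array is not visible from the hunk.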
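Review bot: Changing NextCert's termination test from `*idx == length` to `*idx + 3 > length`, together with the new `*idx + len > length` test in the following `@@ -8775` hunk, makes the function return 0 both for a cleanly exhausted list and for a list truncated mid-entry, so a caller that treats 0 as "done" (the callers are outside this hunk) will now silently accept a certificate list with a cut-off certificate or trailing garbage rather than rejecting it. If that is intended, the function comment should state that 0 also covers a malformed tail; otherwise the caller should verify `*idx == length` once the loop ends, or NextCert should distinguish the two cases. The replacement comment `Would index read past end of list?` also no longer mentions that reaching `length` exactly is the normal end, which the old comment did.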
@@ -10696,10 +10704,16 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 * we can decode both lengths here now. */
 word32 tmpIdx = args->idx;
 word16 tmpSz = 0;
+ if (args->sz < OPAQUE16_LEN) {
+ ERROR_OUT(BUFFER_ERROR, exit_dcv);
+ }
 ato16(input + tmpIdx, &tmpSz);
 args->sigSz = tmpSz;
 tmpIdx += OPAQUE16_LEN + args->sigSz;
+ if (tmpIdx - args->idx + OPAQUE16_LEN > args->sz) {
+ ERROR_OUT(BUFFER_ERROR, exit_dcv);
+ }
 ato16(input + tmpIdx, &tmpSz);
 args->altSignatureSz = tmpSz;
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 2fbfd84263..cb4258e634 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -10360,6 +10360,9 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
 ret = wolfSSL_CryptHwMutexLock();
 if (ret != 0) {
+ if (wasAlloc) {
+ XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ }
 return ret;
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 4dfe4150a0..6a49651ba9 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -9151,8 +9151,13 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
 if (ret == 0) {
 if (der->sapkiOID == RSAk || der->sapkiOID == ECDSAk) {
 /* Simply copy the data */
- XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen);
- pubKeyLen = der->sapkiLen;
+ if ((word32)der->sapkiLen > pubKeyLen) {
+ ret = BUFFER_E;
+ }
+ else {
+ XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen);
+ pubKeyLen = der->sapkiLen;
+ }
 }
 else {
 #if defined(WC_ENABLE_ASYM_KEY_IMPORT)
@@ -16211,6 +16216,10 @@ int ConfirmSignature(SignatureCtx* sigCtx,
 WOLFSSL_MSG("Verify Signature is too small");
 ERROR_OUT(BUFFER_E, exit_cs);
 }
+ else if (sigSz > MAX_ENCODED_SIG_SZ) {
+ WOLFSSL_MSG("Verify Signature is too big");
+ ERROR_OUT(BUFFER_E, exit_cs);
+ }
 #ifndef WOLFSSL_NO_MALLOC
 sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), sigCtx->heap, DYNAMIC_TYPE_DSA);
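Review bot: The second added guard in DoTls13CertificateVerify, `tmpIdx - args->idx + OPAQUE16_LEN > args->sz`, is correct but phrases the bound as an index difference when the quantity is simply the bytes consumed so far; since `tmpIdx - args->idx` is by construction `OPAQUE16_LEN + args->sigSz`, `if (OPAQUE16_LEN + args->sigSz + OPAQUE16_LEN > args->sz)` says the same thing without the reader having to re-derive it. The two guards bound only the reads of the two 2-byte length fields; nothing in the hunk bounds `args->altSignatureSz` against the bytes remaining after `tmpIdx + OPAQUE16_LEN`, so that check must follow immediately in the code outside the hunk or the alternative signature read can still run past `args->sz`. The enclosing function starts and ends outside the hunk.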
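Review bot: The new `(word32)der->sapkiLen > pubKeyLen` guard in wc_CheckPrivateKeyCert is only a real bound if `pubKeyLen` holds the capacity of `decodedPubKey` at this point, yet two lines later the same variable is overwritten with the copied length, so it serves as both an in/out capacity and a result; if an earlier path (its initialisation is outside the hunk) leaves it at 0 or at a previous result, the copy is either unreachable or unchecked. A comment on the guard, `/* pubKeyLen is the capacity of decodedPubKey here; it becomes the copied length below */`, pins that contract, or a separate capacity local removes the dual use entirely. The cast also implies `sapkiLen` is signed; a negative value is rejected by the comparison, which is worth a word in the same comment.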