src/tls.c: fix possible null deref in TLSX_UseCertificateStatusReques…
…tV2().

wolfcrypt/src/pkcs12.c: fix possible null deref in PKCS12_CoalesceOctetStrings(), and fix spelling of PKCS12_ConcatenateContent().
douzzer committed Jan 7, 2025
1 parent 1679218 commit d6ead1b
Showing 2 changed files with 15 additions and 8 deletions.
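--- a/src/tls.c
+++ b/src/tls.c
@@ -4316,6 +4316,11 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
 CertificateStatusRequestItemV2* last =
 (CertificateStatusRequestItemV2*)extension->data;
 
+if (last == NULL) {
+XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
+return BAD_FUNC_ARG;
+}
+
 for (; last->next; last = last->next);
 
 last->next = csr2;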
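Review bot: The new `if (last == NULL)` guard has no comment explaining when an existing extension entry can carry a NULL `data` pointer, and BAD_FUNC_ARG reads as a caller mistake even though the condition is internal list state. A short comment above the guard would make the intent reviewable, for example `/* extension exists but its item list is empty: drop the new item instead of walking a NULL list */`. If an empty list is a legitimate state, attaching the item with `extension->data = csr2;` would avoid failing the call, but whether that is safe depends on code outside this hunk. The plain `XFREE(csr2, ...)` is only sufficient if csr2 owns no nested allocations at this point, which cannot be confirmed here because the function starts and ends outside the hunk.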
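--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -1144,7 +1144,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
 #ifdef ASN_BER_TO_DER
 /* append data to encrypted content cache in PKCS12 structure
 * return buffer on success, NULL on error */
-static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData,
+static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData,
 word32* mergedSz, byte* in, word32 inSz)
 {
 byte* oldContent;
@@ -1257,7 +1257,7 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
 ret = MEMORY_E;
 }
 }
-mergedData = PKCS12_ConcatonateContent(pkcs12, mergedData,
+mergedData = PKCS12_ConcatenateContent(pkcs12, mergedData,
 &mergedSz, &data[*idx], (word32)encryptedContentSz);
 if (mergedData == NULL) {
 ret = MEMORY_E;
@@ -1269,15 +1269,17 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
 *idx += (word32)encryptedContentSz;
 }
 
-*idx = saveIdx;
+if (ret == 0) {
+*idx = saveIdx;
 
-*idx += SetLength(mergedSz, &data[*idx]);
+*idx += SetLength(mergedSz, &data[*idx]);
 
-if (mergedSz > 0) {
-/* Copy over concatenated octet strings into data buffer */
-XMEMCPY(&data[*idx], mergedData, mergedSz);
+if (mergedSz > 0) {
+/* Copy over concatenated octet strings into data buffer */
+XMEMCPY(&data[*idx], mergedData, mergedSz);
 
-XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+}
 }
 
 return ret;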
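Review bot: In the last hunk of PKCS12_CoalesceOctetStrings(), the only `XFREE(mergedData, ...)` now sits inside `if (ret == 0)`, so any exit with a nonzero `ret` while `mergedData` still points at an allocation would leak that buffer. Whether such a path exists depends on the loop above the hunk, which is only partly visible; the `ret = MEMORY_E;` assignment just before the PKCS12_ConcatenateContent() call suggests `ret` can be set independently of the returned pointer. Moving the release below the success block, as a single `XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);` before `return ret;`, would cover both paths, assuming XFREE accepts NULL in this build. That placement would also release a buffer allocated with `mergedSz == 0`, which the `if (mergedSz > 0)` condition currently skips.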
