Skip to content

Commit 675d5df

Browse files
authored
Merge pull request #10833 from kareem-wolfssl/zd22079
Add some missing PKCS7 length checks and bound DTLS 1.3 ACK list.
2 parents f1b7001 + 6e6d7ab commit 675d5df

2 files changed

Lines changed: 40 additions & 4 deletions

File tree

src/dtls13.c

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2822,14 +2822,30 @@ int Dtls13DoScheduledWork(WOLFSSL* ssl)
28222822
* shared WriteDup struct so the write side sends the ACK instead. */
28232823
if (ssl->dupWrite != NULL && ssl->dupSide == READ_DUP_SIDE) {
28242824
struct Dtls13RecordNumber** tail = NULL;
2825+
int count = 0;
28252826
if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0)
28262827
return BAD_MUTEX_E;
2828+
/* Walk to the tail, counting what is already queued. */
28272829
tail = (struct Dtls13RecordNumber**)&ssl->dupWrite->sendAckList;
2828-
while (*tail != NULL)
2830+
while (*tail != NULL) {
28292831
tail = &(*tail)->next;
2830-
*tail = ssl->dtls13Rtx.seenRecords;
2831-
ssl->dtls13Rtx.seenRecords = NULL;
2832-
ssl->dtls13Rtx.seenRecordsCount = 0;
2832+
count++;
2833+
}
2834+
/* Each transferred batch is already capped at
2835+
* DTLS13_ACK_MAX_RECORDS. Only splice a new batch while the queue
2836+
* is below the cap so repeated scheduled-work cycles cannot grow
2837+
* it without bound (aggregate stays under 2 *
2838+
* DTLS13_ACK_MAX_RECORDS). Otherwise drop the batch: ACKs are
2839+
* best-effort and the peer retransmits if one is lost. */
2840+
if (count < DTLS13_ACK_MAX_RECORDS) {
2841+
*tail = ssl->dtls13Rtx.seenRecords;
2842+
ssl->dtls13Rtx.seenRecords = NULL;
2843+
ssl->dtls13Rtx.seenRecordsCount = 0;
2844+
}
2845+
else {
2846+
/* Queue already at the cap: drop this batch. */
2847+
Dtls13RtxFlushAcks(ssl);
2848+
}
28332849
ssl->dupWrite->sendAcks = 1;
28342850
wc_UnLockMutex(&ssl->dupWrite->dupMutex);
28352851
}

wolfcrypt/src/pkcs7.c

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13645,6 +13645,12 @@ int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
1364513645
break;
1364613646
}
1364713647
#else
13648+
/* ensure IV bytes are within the input buffer before copying */
13649+
if (length < 0 || (word32)length > pkiMsgSz ||
13650+
idx > pkiMsgSz - (word32)length) {
13651+
ret = BUFFER_E;
13652+
break;
13653+
}
1364813654
ret = 0;
1364913655
#endif
1365013656

@@ -15292,6 +15298,9 @@ int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
1529215298
#endif
1529315299

1529415300
/* Get authTag OCTET STRING */
15301+
if (ret == 0 && localIdx >= pkiMsgSz) {
15302+
ret = BUFFER_E;
15303+
}
1529515304
if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) {
1529615305
ret = ASN_PARSE_E;
1529715306
}
@@ -15358,6 +15367,17 @@ int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
1535815367
ret = ASN_PARSE_E;
1535915368
}
1536015369

15370+
#ifdef NO_PKCS7_STREAM
15371+
/* In the streaming build the block above re-buffers enough data for
15372+
* the auth tag. Without streaming, verify the tag fits within the
15373+
* provided input before copying. */
15374+
if (ret == 0 &&
15375+
(idx > pkiMsgSz || authTagSz > pkiMsgSz - idx)) {
15376+
WOLFSSL_MSG("AuthEnvelopedData authTag exceeds input buffer");
15377+
ret = BUFFER_E;
15378+
}
15379+
#endif
15380+
1536115381
if (ret == 0) {
1536215382
XMEMCPY(authTag, &pkiMsg[idx], authTagSz);
1536315383
idx += authTagSz;

0 commit comments

Comments
 (0)