Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 20 additions & 4 deletions src/dtls13.c
Original file line number Diff line number Diff line change
Expand Up @@ -2813,14 +2813,30 @@ int Dtls13DoScheduledWork(WOLFSSL* ssl)
* shared WriteDup struct so the write side sends the ACK instead. */
if (ssl->dupWrite != NULL && ssl->dupSide == READ_DUP_SIDE) {
struct Dtls13RecordNumber** tail = NULL;
int count = 0;
if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0)
return BAD_MUTEX_E;
/* Walk to the tail, counting what is already queued. */
tail = (struct Dtls13RecordNumber**)&ssl->dupWrite->sendAckList;
while (*tail != NULL)
while (*tail != NULL) {
tail = &(*tail)->next;
*tail = ssl->dtls13Rtx.seenRecords;
ssl->dtls13Rtx.seenRecords = NULL;
ssl->dtls13Rtx.seenRecordsCount = 0;
count++;
}
/* Each transferred batch is already capped at
* DTLS13_ACK_MAX_RECORDS. Only splice a new batch while the queue
* is below the cap so repeated scheduled-work cycles cannot grow
* it without bound (aggregate stays under 2 *
* DTLS13_ACK_MAX_RECORDS). Otherwise drop the batch: ACKs are
* best-effort and the peer retransmits if one is lost. */
if (count < DTLS13_ACK_MAX_RECORDS) {
*tail = ssl->dtls13Rtx.seenRecords;
ssl->dtls13Rtx.seenRecords = NULL;
ssl->dtls13Rtx.seenRecordsCount = 0;
}
else {
/* Queue already at the cap: drop this batch. */
Dtls13RtxFlushAcks(ssl);
}
Comment thread
kareem-wolfssl marked this conversation as resolved.
ssl->dupWrite->sendAcks = 1;
wc_UnLockMutex(&ssl->dupWrite->dupMutex);
}
Expand Down
20 changes: 20 additions & 0 deletions wolfcrypt/src/pkcs7.c
Original file line number Diff line number Diff line change
Expand Up @@ -13611,6 +13611,12 @@ int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
break;
}
#else
/* ensure IV bytes are within the input buffer before copying */
if (length < 0 || (word32)length > pkiMsgSz ||
idx > pkiMsgSz - (word32)length) {
ret = BUFFER_E;
break;
Comment thread
kareem-wolfssl marked this conversation as resolved.
}
ret = 0;
#endif

Expand Down Expand Up @@ -15246,6 +15252,9 @@ int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
localIdx = idx;

/* Get authTag OCTET STRING */
if (ret == 0 && localIdx >= pkiMsgSz) {
ret = BUFFER_E;
}
if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) {
ret = ASN_PARSE_E;
}
Comment thread
kareem-wolfssl marked this conversation as resolved.
Expand Down Expand Up @@ -15306,6 +15315,17 @@ int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
ret = ASN_PARSE_E;
}

#ifdef NO_PKCS7_STREAM
/* In the streaming build the block above re-buffers enough data for
* the auth tag. Without streaming, verify the tag fits within the
* provided input before copying. */
if (ret == 0 &&
(idx > pkiMsgSz || authTagSz > pkiMsgSz - idx)) {
WOLFSSL_MSG("AuthEnvelopedData authTag exceeds input buffer");
ret = BUFFER_E;
}
#endif

if (ret == 0) {
XMEMCPY(authTag, &pkiMsg[idx], authTagSz);
idx += authTagSz;
Expand Down
Loading