
CID 299893 out of bounds read with XMEMCMP

JacobBarthelmeh 2 months ago
parent
commit
d6b4b27cd1
1 changed files with 2 additions and 1 deletions
  1. 2 1
      src/tls13.c

+ 2 - 1
src/tls13.c

@@ -10382,7 +10382,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     if (sniff == NO_SNIFF) {
         /* Actually check verify data. */
-        if (XMEMCMP(input + *inOutIdx, mac, size) != 0){
+        if (size > WC_MAX_DIGEST_SIZE ||
+                XMEMCMP(input + *inOutIdx, mac, size) != 0){
             WOLFSSL_MSG("Verify finished error on hashes");
             SendAlert(ssl, alert_fatal, decrypt_error);
             WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
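Review bot: The new guard on the `size > WC_MAX_DIGEST_SIZE` line only bounds the read of `mac`; it does not establish that `size` equals the length of verify data the HMAC step actually wrote into `mac`, so a `size` shorter than the hash length would still accept a truncated Finished after comparing only a prefix, and a `size` between the hash length and WC_MAX_DIGEST_SIZE would compare against trailing bytes of `mac` that were never written. Unless an earlier check outside this hunk already pins `size` to the computed HMAC length, the condition should be an equality test against that length rather than a ceiling, and an oversized or undersized `size` is a length/decode problem rather than a hash mismatch, so reporting it through `decrypt_error` and `VERIFY_FINISHED_ERROR` mislabels it. The comparison itself remains a short-circuiting `XMEMCMP` on verify data; if the project's constant-time compare helper is in scope here, it would be the more defensible choice for a Finished check. DoTls13Finished begins and ends outside the hunk, so the earlier length handling cannot be confirmed from here.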