Merge pull request #7058 from lealem47/zd17174

SparkiDev · web-flow · commit b7b20ededda4 · 2023-12-13T14:36:23.000+10:00
Check buffer length before XMEMCMP in GetOID
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -5747,7 +5747,8 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
      *
      * These hacks will hopefully disappear when new standardized OIDs appear.
      */
-    if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
+    if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&
+            XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,
                sizeof(sigSphincsFast_Level3Oid)) == 0) {
         found_collision = SPHINCS_FAST_LEVEL3k;
     }

Original file line number	Diff line number	Diff line change
`@@ -5747,7 +5747,8 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,`
`5747`	`5747`	`*`
`5748`	`5748`	`* These hacks will hopefully disappear when new standardized OIDs appear.`
`5749`	`5749`	`*/`
`5750`		`- if (memcmp(&input[idx], sigSphincsFast_Level3Oid,`
	`5750`	`+ if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&`
	`5751`	`+ XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,`
`5751`	`5752`	`sizeof(sigSphincsFast_Level3Oid)) == 0) {`
`5752`	`5753`	`found_collision = SPHINCS_FAST_LEVEL3k;`
`5753`	`5754`	`}`