Skip to content

Commit bdebcfc

Browse files
JeremiahM37JeremiahM37
committed
reject negative pemSz in PEM-to-DER APIs
1 parent b44d8c6 commit bdebcfc

2 files changed

Lines changed: 17 additions & 3 deletions

File tree

tests/api.c

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11869,6 +11869,10 @@ static int test_wc_CertPemToDer(void)
1186911869
(int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1187011870
ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1,
1187111871
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
11872+
ExpectIntEQ(wc_CertPemToDer(cert_buf, -1, cert_der, (int)cert_dersz,
11873+
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
11874+
ExpectIntEQ(wc_CertPemToDer(cert_buf, 0, cert_der, (int)cert_dersz,
11875+
CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1187211876

1187311877
if (cert_der != NULL)
1187411878
free(cert_der);
@@ -11925,6 +11929,12 @@ static int test_wc_KeyPemToDer(void)
1192511929
ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""),
1192611930
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1192711931

11932+
/* Bad arg: negative or zero pemSz */
11933+
ExpectIntEQ(wc_KeyPemToDer(cert_buf, -1, (byte*)&cert_der, cert_sz, ""),
11934+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
11935+
ExpectIntEQ(wc_KeyPemToDer(cert_buf, 0, (byte*)&cert_der, cert_sz, ""),
11936+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
11937+
1192811938
/* Test normal operation */
1192911939
cert_dersz = cert_sz; /* DER will be smaller than PEM */
1193011940
ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz));
@@ -11968,6 +11978,10 @@ static int test_wc_PubKeyPemToDer(void)
1196811978
ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0);
1196911979
cert_dersz = cert_sz; /* DER will be smaller than PEM */
1197011980
ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
11981+
ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, -1, cert_der, (int)cert_dersz),
11982+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
11983+
ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, 0, cert_der, (int)cert_dersz),
11984+
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
1197111985
ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der,
1197211986
(int)cert_dersz), 0);
1197311987
if (cert_der != NULL) {

wolfcrypt/src/asn.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24322,7 +24322,7 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
2432224322

2432324323
WOLFSSL_ENTER("wc_KeyPemToDer");
2432424324

24325-
if (pem == NULL || (buff != NULL && buffSz <= 0)) {
24325+
if (pem == NULL || (buff != NULL && buffSz <= 0) || pemSz <= 0) {
2432624326
WOLFSSL_MSG("Bad pem der args");
2432724327
return BAD_FUNC_ARG;
2432824328
}
@@ -24373,7 +24373,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz,
2437324373

2437424374
WOLFSSL_ENTER("wc_CertPemToDer");
2437524375

24376-
if (pem == NULL || buff == NULL || buffSz <= 0) {
24376+
if (pem == NULL || buff == NULL || buffSz <= 0 || pemSz <= 0) {
2437724377
WOLFSSL_MSG("Bad pem der args");
2437824378
return BAD_FUNC_ARG;
2437924379
}
@@ -24420,7 +24420,7 @@ int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
2442024420

2442124421
WOLFSSL_ENTER("wc_PubKeyPemToDer");
2442224422

24423-
if (pem == NULL || (buff != NULL && buffSz <= 0)) {
24423+
if (pem == NULL || (buff != NULL && buffSz <= 0) || pemSz <= 0) {
2442424424
WOLFSSL_MSG("Bad pem der args");
2442524425
return BAD_FUNC_ARG;
2442624426
}

0 commit comments

Comments
 (0)