when removing the padding for the TLS13 verify message

jpbland1 · jpbland1 · commit e641c6b738d2 · 2023-12-27T16:06:40.000-05:00
step, check that the index doesn't wrap around due to a malformed packet
diff --git a/src/internal.c b/src/internal.c
@@ -21166,7 +21166,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                     word16 i = (word16)(ssl->buffers.inputBuffer.idx +
                                  ssl->curSize - ssl->specs.aead_mac_size);
 
-                    if (i > ssl->buffers.inputBuffer.length) {
+                    /* check i isn't too big and won't wrap around on --i */
+                    if (i > ssl->buffers.inputBuffer.length || i == 0) {
                         WOLFSSL_ERROR(BUFFER_ERROR);
                         return BUFFER_ERROR;
                     }

Original file line number	Diff line number	Diff line change
`@@ -21166,7 +21166,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)`
`21166`	`21166`	`word16 i = (word16)(ssl->buffers.inputBuffer.idx +`
`21167`	`21167`	`ssl->curSize - ssl->specs.aead_mac_size);`
`21168`	`21168`
`21169`		`- if (i > ssl->buffers.inputBuffer.length) {`
	`21169`	`+ /* check i isn't too big and won't wrap around on --i */`
	`21170`	`+ if (i > ssl->buffers.inputBuffer.length \|\| i == 0) {`
`21170`	`21171`	`WOLFSSL_ERROR(BUFFER_ERROR);`
`21171`	`21172`	`return BUFFER_ERROR;`
`21172`	`21173`	`}`