Fix MAC Algo Match

1. Rearrange the matching of the MAC Algos when decoding the KEX Init message. It should only dereference the handshake info to check if it is using an AEAD cipher if ret is WS_SUCCESS. (If the handshake info isn't present, there will be an error present.) This prevents a possible NULL dereference.
ejohnstown · Jul 17, 2024 · 0608db4 · 0608db4
1 parent 01c1aad
commit 0608db4
Showing 1 changed file with 13 additions and 16 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -3978,15 +3978,14 @@ static int DoKexInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
         listSz = (word32)sizeof(list);
         ret = GetNameList(list, &listSz, buf, len, &begin);
     }
-    if (!ssh->handshake->aeadMode) {
-        if (ret == WS_SUCCESS) {
-            cannedAlgoNamesSz = AlgoListSz(ssh->algoListMac);
-            cannedListSz = (word32)sizeof(cannedList);
-            ret = GetNameListRaw(cannedList, &cannedListSz,
-                    (const byte*)ssh->algoListMac, cannedAlgoNamesSz);
-        }
+    if (ret == WS_SUCCESS && !ssh->handshake->aeadMode) {
+        cannedAlgoNamesSz = AlgoListSz(ssh->algoListMac);
+        cannedListSz = (word32)sizeof(cannedList);
+        ret = GetNameListRaw(cannedList, &cannedListSz,
+                (const byte*)ssh->algoListMac, cannedAlgoNamesSz);
         if (ret == WS_SUCCESS) {
-            algoId = MatchIdLists(side, list, listSz, cannedList, cannedListSz);
+            algoId = MatchIdLists(side, list, listSz,
+                    cannedList, cannedListSz);
             if (algoId == ID_UNKNOWN) {
                 WLOG(WS_LOG_DEBUG, "Unable to negotiate MAC Algo C2S");
                 ret = WS_MATCH_MAC_ALGO_E;
@@ -4000,15 +3999,13 @@ static int DoKexInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
         listSz = (word32)sizeof(list);
         ret = GetNameList(list, &listSz, buf, len, &begin);
     }
-    if (!ssh->handshake->aeadMode) {
-        if (ret == WS_SUCCESS) {
-            algoId = MatchIdLists(side, list, listSz, &algoId, 1);
-            if (algoId == ID_UNKNOWN) {
-                WLOG(WS_LOG_DEBUG, "Unable to negotiate MAC Algo S2C");
-                ret = WS_MATCH_MAC_ALGO_E;
-            }
+    if (ret == WS_SUCCESS && !ssh->handshake->aeadMode) {
+        algoId = MatchIdLists(side, list, listSz, &algoId, 1);
+        if (algoId == ID_UNKNOWN) {
+            WLOG(WS_LOG_DEBUG, "Unable to negotiate MAC Algo S2C");
+            ret = WS_MATCH_MAC_ALGO_E;
         }
-        if (ret == WS_SUCCESS) {
+        else {
             ssh->handshake->macId = algoId;
             ssh->handshake->macSz = MacSzForId(algoId);
             ssh->handshake->keys.macKeySz =