diff --git a/src/internal.c b/src/internal.c index 2d8c5bf876..6bbd38fa8c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14955,44 +14955,65 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (ret == 0 && addToPendingCAs && !alreadySigner) { - DecodedCert dCertAdd; - DerBuffer *derBuffer; +#ifdef WOLFSSL_SMALL_STACK + DecodedCert *dCertAdd = NULL; +#else + DecodedCert dCertAdd[1]; +#endif + int dCertAdd_inited = 0; + DerBuffer *derBuffer = NULL; buffer* cert = &args->certs[args->certIdx]; - Signer *s; - InitDecodedCert(&dCertAdd, cert->buffer, cert->length, ssl->heap); - ret = ParseCert(&dCertAdd, CA_TYPE, NO_VERIFY, SSL_CM(ssl)); + Signer *s = NULL; + +#ifdef WOLFSSL_SMALL_STACK + dCertAdd = (DecodedCert *) + XMALLOC(sizeof(*dCertAdd), ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (dCertAdd == NULL) { + ret = MEMORY_E; + goto exit_req_v2; + } +#endif + InitDecodedCert(dCertAdd, cert->buffer, cert->length, + ssl->heap); + dCertAdd_inited = 1; + ret = ParseCert(dCertAdd, CA_TYPE, NO_VERIFY, + SSL_CM(ssl)); if (ret != 0) { - FreeDecodedCert(&dCertAdd); - goto exit_ppc; + goto exit_req_v2; } ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap); if (ret != 0 || derBuffer == NULL) { - FreeDecodedCert(&dCertAdd); - goto exit_ppc; + goto exit_req_v2; } XMEMCPY(derBuffer->buffer, cert->buffer, cert->length); s = MakeSigner(SSL_CM(ssl)->heap); if (s == NULL) { - FreeDecodedCert(&dCertAdd); - FreeDer(&derBuffer); ret = MEMORY_E; - goto exit_ppc; + goto exit_req_v2; } - ret = FillSigner(s, &dCertAdd, CA_TYPE, derBuffer); - FreeDecodedCert(&dCertAdd); - FreeDer(&derBuffer); + ret = FillSigner(s, dCertAdd, CA_TYPE, derBuffer); if (ret != 0) { - FreeSigner(s, SSL_CM(ssl)->heap); - goto exit_ppc; + goto exit_req_v2; } skipAddCA = 1; ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s); - if (ret != 0) { - FreeSigner(s, ssl->heap); + + exit_req_v2: + if (s && (ret != 0)) + FreeSigner(s, SSL_CM(ssl)->heap); + if (derBuffer) + FreeDer(&derBuffer); + if (dCertAdd_inited) + FreeDecodedCert(dCertAdd); +#ifdef WOLFSSL_SMALL_STACK + if (dCertAdd) + XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (ret != 0) goto exit_ppc; - } } -#endif +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ /* If valid CA then add to Certificate Manager */ if (ret == 0 && args->dCert->isCA && diff --git a/src/wolfio.c b/src/wolfio.c index 72e8dda7f4..52e61a55ed 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1612,6 +1612,11 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, /* read data if no \r\n or first time */ if ((start == NULL) || (end == NULL)) { + if (httpBufSz < len + 1) { + return BUFFER_ERROR; /* can't happen, but Coverity thinks it + * can. + */ + } result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0); if (result > 0) { len += result; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index a4e4b4a367..8418fb0799 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -12910,10 +12910,6 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz, return BAD_FUNC_ARG; } - if (iSz < AES_BLOCK_SIZE) { - return BAD_FUNC_ARG; - } - XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE); stream->bytes_crypted_with_this_tweak = 0; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 45942c0391..778d3e70fb 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -24067,7 +24067,7 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der) if (ret == 0 && signer != NULL) { if (cert->extSapkiSet && cert->sapkiLen > 0) { /* Allocated space for alternative public key. */ - signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cm->heap, + signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (signer->sapkiDer == NULL) { ret = MEMORY_E; @@ -24083,7 +24083,8 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der) #if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL) if (ret == 0 && signer != NULL) - ret = CalcHashId(cert->serial, cert->serialSz, signer->serialHash); + ret = CalcHashId(cert->serial, (word32)cert->serialSz, + signer->serialHash); #endif if (ret == 0 && signer != NULL) { #ifdef WOLFSSL_SIGNER_DER_CERT diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 5a9df20023..587e47c4b4 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -4017,7 +4017,10 @@ int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inSz, byte* sig, /* Sig = Salt | Exp Hash */ if (ret == 0) { - if (sigSz != inSz + (word32)saltLen) { + word32 totalSz; + if ((WC_SAFE_SUM_WORD32(inSz, (word32)saltLen, totalSz) == 0) || + (sigSz != totalSz)) + { ret = PSS_SALTLEN_E; } } diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index f26b41b73a..3b6d87ddac 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -545,9 +545,15 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz, iterations, (int)derivedLen, typeH, 1); + if (ret < 0) + break; if (id != PBE_SHA1_RC4_128) { - ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, + i = ret; + ret = wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, iterations, 8, typeH, 2); + if (ret < 0) + break; + ret += i; } break; }