New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing Check for file bad size #2527
Comments
Hi ManSoSec, Thanks for pointing out that we are not consistent with the enforcement of Thanks, |
|
Hi @dgarske, Is there any update on this issue? Thanks! |
HI @ManSoSec : Thanks for checking in. It's on my list, but low priority. Is this causing you guys any issues? Thanks, |
Hi @dgarske, Thanks for your reply. Our research focuses on finding bugs and one of the tools we are testing is wolfSSL. We just wanted to be sure if this reported bug is a valid one. Feedbacks from the developers can help both parties to pursue more reliable research as well as fixing more valid bugs. Thanks! |
Hi @dgarske May I ask what is the potential security consequence of the 14 missing checks? I feel one can be memory leak as big files can be sent to WolfSSL and XMALLOC |
Hi @ManSoSec , Again thank for your reporting this inconsistency. The PR #2598 just adds sanity checks for file sizes. In my opinion there is no security risk here. Someone would to have already compromised access to the file system and access the certificates being loaded. Then would have to enlarge the size of a file and load it with valid content. This would cause additional memory use, but not leaks. Thanks, |
Hi @dgarske Sure! Thank you for the clarification! |
src/ssl.c
There is following check in this function:
wolfSSL_CertManagerVerify
after
sz = XFTELL(file); XREWIND(file);
:While it is missed in
wolfSSL_SetTmpDH_file_wrapper
andProcessFile
The text was updated successfully, but these errors were encountered: