Check buffer length before XMEMCMP in GetOID

Lealem Amedie · Lealem Amedie · commit 2724edc257a9 · 2023-12-12T15:13:42.000-07:00
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -5760,7 +5760,8 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
      *
      * These hacks will hopefully disappear when new standardized OIDs appear.
      */
-    if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
+    if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&
+            XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,
                sizeof(sigSphincsFast_Level3Oid)) == 0) {
         found_collision = SPHINCS_FAST_LEVEL3k;
     }

Original file line number	Diff line number	Diff line change
`@@ -5760,7 +5760,8 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,`
`5760`	`5760`	`*`
`5761`	`5761`	`* These hacks will hopefully disappear when new standardized OIDs appear.`
`5762`	`5762`	`*/`
`5763`		`- if (memcmp(&input[idx], sigSphincsFast_Level3Oid,`
	`5763`	`+ if (idx + (word32)sizeof(sigSphincsFast_Level3Oid) < (word32)length &&`
	`5764`	`+ XMEMCMP(&input[idx], sigSphincsFast_Level3Oid,`
`5764`	`5765`	`sizeof(sigSphincsFast_Level3Oid)) == 0) {`
`5765`	`5766`	`found_collision = SPHINCS_FAST_LEVEL3k;`
`5766`	`5767`	`}`