From ec9b2c0e8b5446bf5ae37c4cae1d7e50bb9bc671 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Tue, 21 Apr 2026 13:44:35 -0700
Subject: [PATCH 1/3] Confirm sessIdSz's size in DoTls13ServerHello before it is used. Thanks to Zou Dikai for the report.
---
 src/tls13.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tls13.c b/src/tls13.c
index 824ad08b696..180db43b436 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5371,7 +5371,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 /* Session id */
 args->sessIdSz = input[args->idx++];
- if ((args->idx - args->begin) + args->sessIdSz > helloSz)
+ if (args->sessIdSz > ID_LEN || args->sessIdSz > RAN_LEN ||
+ ((args->idx - args->begin) + args->sessIdSz > helloSz))
 return BUFFER_ERROR;
 args->sessId = input + args->idx;
 args->idx += args->sessIdSz;
From 3a1766dbf2db4c622918afa0f4148720c5b8a511 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Tue, 21 Apr 2026 15:22:30 -0700
Subject: [PATCH 2/3] Add missing length checks and fix length calculation for PSK in SendClientKeyExchange. Thanks to Zou Dikai for the reports.
---
 src/internal.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 067dd1b04d0..3117cac0541 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -33900,7 +33900,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 /* Ensure the buffer is null-terminated. */
 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
 args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
- if (args->encSz > MAX_PSK_ID_LEN) {
+ if (args->encSz > MAX_PSK_ID_LEN ||
+ args->encSz > MAX_ENCRYPT_SZ) {
 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
 }
 XMEMCPY(args->encSecret, ssl->arrays->client_identity,
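Review bot: In the src/tls13.c hunk, the new guard in DoTls13ServerHello tests `args->sessIdSz` against both `ID_LEN` and `RAN_LEN` but does not say which later use of `args->sessId` each bound protects, so a reader cannot tell whether one of the two tests is redundant or load-bearing. A one-line comment above the `if`, for example `/* peer-controlled length: must fit every ID_LEN- and RAN_LEN-sized buffer sessId is later compared with or copied into */`, would record the intent; the exact buffers need confirming against the rest of the function, which continues outside this hunk. The commit changes only src/tls13.c, so a regression test that feeds a ServerHello with an over-long session id and expects `BUFFER_ERROR` is worth adding alongside it.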
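Review bot: In the first src/internal.c hunk (@@ -33900), the added `args->encSz > MAX_ENCRYPT_SZ` test has no comment saying what it protects; from the `XMEMCPY` into `args->encSecret` that follows it looks like a capacity check on that buffer, whose allocation is not visible here. I would add `/* identity is copied into encSecret below; it must fit that buffer */` above the `if`. Because the preceding line forces a terminator at index `MAX_PSK_ID_LEN`, the `XSTRLEN` result cannot exceed `MAX_PSK_ID_LEN`, so the new comparison only matters in builds where `MAX_ENCRYPT_SZ` is the smaller of the two limits; if both are compile-time constants, a static assertion relating them would catch that configuration at build time. The `XMEMCPY` call is cut off at the end of the hunk and SendClientKeyExchange continues outside it.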
@@ -33931,6 +33932,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 if (esSz > MAX_PSK_ID_LEN) {
 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
 }
+ if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) {
+ ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
+ }
 /* CLIENT: Pre-shared Key for peer authentication. */
 ssl->options.peerAuthGood = 1;
@@ -33982,6 +33986,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 if (esSz > MAX_PSK_ID_LEN) {
 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
 }
+ if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) {
+ ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
+ }
 /* CLIENT: Pre-shared Key for peer authentication. */
 ssl->options.peerAuthGood = 1;
@@ -33990,10 +33997,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 args->output += OPAQUE16_LEN;
 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
 args->output += esSz;
- args->encSz = esSz + OPAQUE16_LEN;
- /* length is used for public key size */
- args->length = MAX_ENCRYPT_SZ;
+ args->length = args->encSz - esSz - OPAQUE16_LEN;
+ args->encSz = esSz + OPAQUE16_LEN;
 /* Create shared ECC key leaving room at the beginning
 * of buffer for size of shared key. */
From 768525c20fd9efaf89b856d2513e877c9f737ab9 Mon Sep 17 00:00:00 2001
From: Kareem
Date: Wed, 22 Apr 2026 14:51:00 -0700
Subject: [PATCH 3/3] Code review feedback.
---
 src/internal.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 3117cac0541..19bd6b6e033 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -33932,7 +33932,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 if (esSz > MAX_PSK_ID_LEN) {
 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
 }
- if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) {
+ if (esSz > MAX_ENCRYPT_SZ - (2 * OPAQUE16_LEN)) {
 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
 }
 /* CLIENT: Pre-shared Key for peer authentication. */
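Review bot: In the @@ -33990 hunk of patch 2, `args->length = args->encSz - esSz - OPAQUE16_LEN;` subtracts from the run-time value of `args->encSz`, while the guard added earlier in the series compares `esSz` with the constant `MAX_ENCRYPT_SZ`; the unsigned subtraction cannot wrap only if `args->encSz` still equals `MAX_ENCRYPT_SZ` at this point, and that assignment is outside the hunk. Either bound `esSz` against the same quantity that is subtracted from, or state the invariant in a comment such as `/* args->encSz is still MAX_ENCRYPT_SZ here; see the esSz check above */`, so the guard and the arithmetic cannot drift apart. The same applies to the matching line changed in patch 3 at @@ -33949 and to the final form of this line at @@ -33998. The hunk also deletes `/* length is used for public key size */` without a replacement, and a comment like `/* room left for the public key after the identity and its length prefix */` would keep the meaning of `args->length` visible.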
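Review bot: The reserve subtracted in the patch 3 guard at @@ -33932 is `2 * OPAQUE16_LEN`, while the parallel guard at @@ -33986 subtracts `OPAQUE16_LEN` and `OPAQUE8_LEN`, and neither line says why the two branches differ. Presumably the second term is the length prefix of the public value written after the identity (two bytes in one key exchange, one byte in the other), but that has to be inferred from the constant names. A comment on each guard, for example `/* reserve: identity length prefix + public key length prefix */`, would also make it obvious that the guard and the paired `args->length` computation (@@ -33949 and @@ -33998) must subtract the same amount. The enclosing branch of SendClientKeyExchange starts and ends outside these hunks.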
@@ -33949,7 +33949,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 args->output += OPAQUE16_LEN;
 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
 args->output += esSz;
- args->length = args->encSz - esSz - OPAQUE16_LEN;
+ args->length = args->encSz - esSz - (2 * OPAQUE16_LEN);
 args->encSz = esSz + OPAQUE16_LEN;
 CHECK_RET(ret, AllocKey(ssl, DYNAMIC_TYPE_DH,
@@ -33986,7 +33986,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 if (esSz > MAX_PSK_ID_LEN) {
 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
 }
- if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) {
+ if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN - OPAQUE8_LEN) {
 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
 }
 /* CLIENT: Pre-shared Key for peer authentication. */
@@ -33998,7 +33998,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
 args->output += esSz;
- args->length = args->encSz - esSz - OPAQUE16_LEN;
+ args->length =
+ args->encSz - esSz - OPAQUE16_LEN - OPAQUE8_LEN;
 args->encSz = esSz + OPAQUE16_LEN;
 /* Create shared ECC key leaving room at the beginning