From adc7b81d9d20d68c6e467ab35136a5d52db0abd3 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Wed, 4 Mar 2026 16:11:35 -0700
Subject: [PATCH 1/2] check if ripemd->buffLen >= RIPEMD_BLOCK_SZ is true to prevent out of bounds write
---
 wolfcrypt/src/ripemd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c
index 9c513e5fed4..0a909c4b5d6 100644
--- a/wolfcrypt/src/ripemd.c
+++ b/wolfcrypt/src/ripemd.c
@@ -317,7 +317,7 @@ int wc_RipeMdFinal(RipeMd* ripemd, byte* hash)
 AddLength(ripemd, ripemd->buffLen); /* before adding pads */
 /* ensure we have a valid buffer length; */
- if (ripemd->buffLen > RIPEMD_BLOCK_SIZE) {
+ if (ripemd->buffLen >= RIPEMD_BLOCK_SIZE) {
 /* exit with error code if there's a bad buffer size in buffLen */
 return BAD_STATE_E;
 } /* buffLen check */
From 2e1a2b951bf3f15176850642d68da154d5ed1162 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Thu, 5 Mar 2026 10:10:34 -0700
Subject: [PATCH 2/2] remove unused tempBuf = NULL
---
 wolfcrypt/src/pkcs7.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 643bc4b1545..7b9382f4b85 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -5693,7 +5693,6 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 WOLFSSL_MSG("failed to grow content buffer.");
 if (tempBuf != NULL) {
 XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
- tempBuf = NULL;
 }
 ret = MEMORY_E;
 break;
@@ -5707,7 +5706,6 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 pkcs7->stream->expected);
 if (tempBuf != NULL) {
 XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
- tempBuf = NULL;
 }
 }
 }
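Review bot: In the wc_RipeMdFinal hunk (wolfcrypt/src/ripemd.c) the bounds check still runs after `AddLength(ripemd, ripemd->buffLen);`, so a context rejected with BAD_STATE_E has presumably already had its length counters updated with the invalid value. Consider moving the `if (ripemd->buffLen >= RIPEMD_BLOCK_SIZE)` test above the AddLength call so the error path leaves the state untouched. The comment on the check could also say why equality is rejected, for example `/* buffLen must stay below RIPEMD_BLOCK_SIZE: padding is written at buffer[buffLen] */`. The padding store is outside this hunk, so confirm that wording against the rest of the function. A unit test that calls the function with buffLen equal to RIPEMD_BLOCK_SIZE and expects BAD_STATE_E would pin the boundary this commit fixes.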