romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-24 06:32:13 +03:00
Code Issues Projects Releases Packages Wiki Activity

wolfssl: check BIO read parameters

Browse source 
Check parameters passed more thoroughly and assure that current 'data'
also exists.

Reported in Joshua's sarif data

Closes #18718
This commit is contained in:
Stefan Eissing 2025-09-25 11:25:17 +02:00 committed by Daniel Stenberg
parent cbc30d4ed2
commit 9e8b05fb99
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/vtls/wolfssl.c
View file

@ -362,8 +362,11 @@ static int wssl_bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
CURLcode result = CURLE_OK;
DEBUGASSERT(data);
/* OpenSSL catches this case, so should we. */
if(!buf)
if(!data || (blen < 0)) {
wssl->io_result = CURLE_FAILED_INIT;
return -1;
}
if(!buf || !blen)
return 0;
if((connssl->connecting_state == ssl_connect_2) &&