Merge pull request #352 from ejohnstown/fix-fuzz

JacobBarthelmeh · web-flow · commit a133043d35e9 · 2021-07-21T15:51:40.000+07:00
Fuzzing Fixes
diff --git a/src/internal.c b/src/internal.c
@@ -3533,13 +3533,17 @@ static int DoKexDhGexGroup(WOLFSSH* ssh,
         ret = GetMpint(&generatorSz, &generator, buf, len, &begin);
 
     if (ret == WS_SUCCESS) {
+        if (ssh->handshake->primeGroup)
+            WFREE(ssh->handshake->primeGroup, ssh->ctx->heap, DYNTYPE_MPINT);
         ssh->handshake->primeGroup =
             (byte*)WMALLOC(primeGroupSz, ssh->ctx->heap, DYNTYPE_MPINT);
         if (ssh->handshake->primeGroup == NULL)
             ret = WS_MEMORY_E;
     }
 
     if (ret == WS_SUCCESS) {
+        if (ssh->handshake->generator)
+            WFREE(ssh->handshake->generator, ssh->ctx->heap, DYNTYPE_MPINT);
         ssh->handshake->generator =
             (byte*)WMALLOC(generatorSz, ssh->ctx->heap, DYNTYPE_MPINT);
         if (ssh->handshake->generator == NULL) {
diff --git a/src/misc.c b/src/misc.c
@@ -130,6 +130,9 @@ STATIC INLINE void CreateMpint(byte* buf, word32* sz, byte* pad)
         WLOG(WS_LOG_ERROR, "Internal argument error with CreateMpint");
     }
 
+    if (*sz == 0)
+        return;
+
     /* check for leading 0's */
     for (i = 0; i < *sz; i++) {
         if (buf[i] != 0x00)

Original file line number	Diff line number	Diff line change
`@@ -130,6 +130,9 @@ STATIC INLINE void CreateMpint(byte* buf, word32* sz, byte* pad)`
`130`	`130`	`WLOG(WS_LOG_ERROR, "Internal argument error with CreateMpint");`
`131`	`131`	`}`
`132`	`132`
	`133`	`+ if (*sz == 0)`
	`134`	`+ return;`
	`135`	`+`
`133`	`136`	`/* check for leading 0's */`
`134`	`137`	`for (i = 0; i < *sz; i++) {`
`135`	`138`	`if (buf[i] != 0x00)`