var init & wc_EncodeSignature checks

gojimmypi · Mar 24, 2023 · 2619528 · 2619528
1 parent 9d68e0c
commit 2619528
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -14725,8 +14725,20 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
     word32 encDigSz, algoSz, seqSz;
 
     encDigSz = SetDigest(digest, digSz, digArray);
+    if (encDigSz <= 0) {
+        printf("SetDigest error");
+        return 0;
+    }
     algoSz   = SetAlgoID(hashOID, algoArray, oidHashType, 0);
+    if (algoSz <= 0) {
+        printf("SetAlgoID error");
+        return 0;
+    }
     seqSz    = SetSequence(encDigSz + algoSz, seqArray);
+    if (seqSz <= 0) {
+        printf("SetSequence error");
+        return 0;
+    }
 
     XMEMCPY(out, seqArray, seqSz);
     XMEMCPY(out + seqSz, algoArray, algoSz);
@@ -18860,7 +18872,7 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
         #endif
                ) {
             ASNGetData dataASN[policyInfoASN_Length];
-            byte* data;
+            byte* data = NULL;
             word32 length = 0;
 
             /* Clear dynamic data and check OID is a cert policy type. */
@@ -19980,7 +19992,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         /* Check parameters starting with a SEQUENCE. */
         else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
             word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
-            word32 sigAlgParamsSz;
+            word32 sigAlgParamsSz = 0;
 
             /* Parameters only with RSA PSS. */
             if (oid != CTC_RSASSAPSS) {
@@ -29006,9 +29018,9 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
     return ret;
 #else
     DECL_ASNSETDATA(dataASN, certReqBodyASN_Length);
-    word32 publicKeySz;
+    word32 publicKeySz = 0;
     word32 subjectSz = 0;
-    word32 extSz;
+    word32 extSz = 0;
     int sz = 0;
     int ret = 0;
 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
@@ -29322,7 +29334,7 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
     }
 
     if (certSignCtx->sig == NULL) {
-        certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
+         certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (certSignCtx->sig == NULL)
             return MEMORY_E;