Merge pull request #9748 from gasbytes/wolfSSL_d2i_SSL_SESSION-fix

SparkiDev · web-flow · commit 7245ad02bb1a · 2026-02-10T21:22:16.000+10:00
add missing checks in wolfSSL_d2i_SSL_SESSION
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
@@ -2827,12 +2827,20 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
         goto end;
     }
     s->chain.count = data[idx++];
+    if (s->chain.count > MAX_CHAIN_DEPTH) {
+        ret = BUFFER_ERROR;
+        goto end;
+    }
     for (j = 0; j < s->chain.count; j++) {
         if (i - idx < OPAQUE16_LEN) {
             ret = BUFFER_ERROR;
             goto end;
         }
         ato16(data + idx, &length); idx += OPAQUE16_LEN;
+        if (length > MAX_X509_SIZE) {
+            ret = BUFFER_ERROR;
+            goto end;
+        }
         s->chain.certs[j].length = length;
         if (i - idx < length) {
             ret = BUFFER_ERROR;
