
Commit 50b1044

Merge pull request #7347 from JacobBarthelmeh/coverity2
Coverity Fixes QUIC
2 parents ffb43d0 + dd6db02 commit 50b1044

2 files changed

+22
-0
lines changed

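--- a/src/quic.c
+++ b/src/quic.c
@@ -83,6 +83,11 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl,
 }
 else {
 qr->capacity = qr->len = qr_length(data, len);
+if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+WOLFSSL_MSG("QUIC length read larger than expected");
+quic_record_free(ssl, qr);
+return NULL;
+}
 }
 if (qr->capacity == 0) {
 qr->capacity = 2*1024;
@@ -129,6 +134,14 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
 consumed = missing;
 
 qr->len = qr_length(qr->data, qr->end);
+
+/* sanity check on length read from wire before use */
+if (qr->len > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+WOLFSSL_MSG("Length read for quic is larger than expected");
+ret = BUFFER_E;
+goto cleanup;
+}
+
 if (qr->len > qr->capacity) {
 uint8_t *ndata = (uint8_t*)XREALLOC(qr->data, qr->len, ssl->heap,
 DYNAMIC_TYPE_TMP_BUFFER);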
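Review bot: In the quic_record_append hunk the wire value is stored into `qr->len` before it is compared with WOLFSSL_QUIC_MAX_RECORD_CAPACITY, so on the `BUFFER_E` path the record is left holding a length above the cap. Whether that matters depends on what the `cleanup` label and the caller do with `qr`, neither of which is visible in the hunk; reading the length into a local, checking it, and only then assigning `qr->len` would keep the record consistent either way. In the quic_record_make hunk the bound is applied only in the `else` branch, and the branch that closes on the first context line is outside the hunk, so it is worth confirming that its length is bounded too. The two log strings differ for the same condition, and the first check would benefit from the same one-line comment the second has, `/* sanity check on length read from wire before use */`.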

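--- a/wolfssl/quic.h
+++ b/wolfssl/quic.h
@@ -290,6 +290,15 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 const uint8_t* salt, size_t saltlen,
 const uint8_t* info, size_t infolen);
 
+/* most common QUIC packet size as of 2022 was 1,200 bytes
+* largest packet size listed in the RFC is 1,392 bytes
+* this gives plenty of breathing room for capacity of records but keeps sizes
+* read from the wire sane */
+#ifndef WOLFSSL_QUIC_MAX_RECORD_CAPACITY
+/* 1024*1024 -- 1 MB */
+#define WOLFSSL_QUIC_MAX_RECORD_CAPACITY (1048576)
+#endif
+
 #endif /* WOLFSSL_QUIC */
 
 #ifdef __cplusplus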
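Review bot: The comment above WOLFSSL_QUIC_MAX_RECORD_CAPACITY justifies the value with packet sizes of 1,200 and 1,392 bytes but never says what the macro bounds; in src/quic.c of this commit it caps a record length read from the wire, which in quic_record_append then sizes an XREALLOC. I would state that directly, e.g. `/* upper bound in bytes on a record length taken from the peer; larger values are rejected */`, and mention that the `#ifndef` lets a build lower it, since 1 MB per record is roughly 750 times the packet sizes cited and may be too generous on memory-constrained targets. The RFC referred to is not named; adding its number would make the 1,392 figure checkable.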
