Files
Gyorgy Sarvari b7180060eb wolfssl: patch CVE-2025-7395
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7395

Backport the patches from the PR[1] that is referenced by the project's
changelog[2] to fix this issue.

[1]: https://github.com/wolfSSL/wolfssl/pull/8833
[2]: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:15 +05:30

26 lines
1.2 KiB
Diff

From f2a85e37e552d8dfafa2cbf32507b2fa545ee593 Mon Sep 17 00:00:00 2001
From: Brett <bigbrett@users.noreply.github.com>
Date: Wed, 4 Jun 2025 16:56:16 -0600
Subject: [PATCH] add missing error trace macro
CVE: CVE-2025-7395
Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/0e2a3fd0b64bc6ba633aa9227e92ecacb42b5b1b]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/internal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 79f584a0a..5557b5698 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15991,7 +15991,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* If we can't validate the peer cert chain against the CAs loaded
* into wolfSSL, try to validate against the system certificates
* using Apple's native trust APIs */
- if ((ret == ASN_NO_SIGNER_E) &&
+ if ((ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) &&
(ssl->ctx->doAppleNativeCertValidationFlag)) {
if (DoAppleNativeCertValidation(ssl, args->certs,
args->totalCerts)) {