Fix SKID buffer overflow in CSR path and add missing NULL checks

Fix heap buffer overflow write in ReqCertFromX509() when subjKeyIdSz
exceeds CTC_MAX_SKID_SIZE. The existing CertFromX509() path already
had this bound check but the CSR path did not, so
wolfSSL_X509_set_subject_key_id() with a long SKID followed by
X509_REQ_sign() could overflow cert->skid.

Also fix NULL dereference in wc_SRTP_KDF / wc_SRTCP_KDF when idx is
NULL but kdrIdx >= 0. The idx pointer is dereferenced unconditionally
in wc_srtp_kdf_first_block() but was not validated at the entry points.

Additional minor hardening in wolfSSL_X509_get_der() and
wolfSSL_i2d_X509() to guard against derCert->length truncation when
cast to int and to reject zero/negative derSz before use.

Author: ColtonWilley

src/x509.c

@@ -4404,6 +4404,10 @@ const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
     if (x509 == NULL || x509->derCert == NULL || outSz == NULL)
         return NULL;
 
+    if (x509->derCert->length > (word32)INT_MAX) {
+        return NULL;
+    }
+
     *outSz = (int)x509->derCert->length;
     return x509->derCert->buffer;
 }
@@ -8674,7 +8678,7 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)
     }
 
     der = wolfSSL_X509_get_der(x509, &derSz);
-    if (der == NULL) {
+    if (der == NULL || derSz <= 0) {
         WOLFSSL_LEAVE("wolfSSL_i2d_X509", MEMORY_E);
         return MEMORY_E;
     }
@@ -11711,10 +11715,15 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_sk_X509_OBJECT_deep_copy(
             cert->isCA = req->isCa;
             cert->basicConstSet = req->basicConstSet;
     #ifdef WOLFSSL_CERT_EXT
-            if (req->subjKeyIdSz != 0) {
+            if (req->subjKeyIdSz != 0 &&
+                    req->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
                 XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz);
                 cert->skidSz = (int)req->subjKeyIdSz;
             }
+            else if (req->subjKeyIdSz > CTC_MAX_SKID_SIZE) {
+                WOLFSSL_MSG("SKID too large for cert buffer");
+                return WOLFSSL_FAILURE;
+            }
             if (req->keyUsageSet)
                 cert->keyUsage = req->keyUsage;
 

wolfcrypt/src/kdf.c

@@ -1009,7 +1009,8 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
 
     /* Validate parameters. */
     if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
-            (saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24)) {
+            (saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
+            (idx == NULL && kdrIdx >= 0)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -1103,7 +1104,8 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt
 
     /* Validate parameters. */
     if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
-            (saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24)) {
+            (saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
+            (idx == NULL && kdrIdx >= 0)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -1194,7 +1196,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
     /* Validate parameters. */
     if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
             (saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
-            (outKey == NULL)) {
+            (outKey == NULL) || (idx == NULL && kdrIdx >= 0)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -1267,7 +1269,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt,
     /* Validate parameters. */
     if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
             (saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
-            (outKey == NULL)) {
+            (outKey == NULL) || (idx == NULL && kdrIdx >= 0)) {
         ret = BAD_FUNC_ARG;
     }