From 3334b0185030a7a65f0005167855fa8faa3df953 Mon Sep 17 00:00:00 2001
From: BAder82t <41265463+BAder82t@users.noreply.github.com>
Date: Mon, 20 Apr 2026 02:05:45 +0200
Subject: [PATCH] fix: prevent OOB read in C API header validation (#737)

Serialization_IsCompatibleVersion and Serialization_IsValidHeader
set *result = false on a caller-buffer size mismatch but fall through
to memcpy(sizeof(SEALHeader)). A caller passing a smaller allocation
(e.g. size=1) triggers an out-of-bounds read of up to
sizeof(SEALHeader) bytes across the FFI boundary, yielding information
disclosure or DoS.

Return S_OK immediately after flagging the mismatch so the memcpy
never runs on an undersized buffer.

Closes #737
---
 native/src/seal/c/serialization.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/native/src/seal/c/serialization.cpp b/native/src/seal/c/serialization.cpp
index 22f6f87af..99eae387b 100644
--- a/native/src/seal/c/serialization.cpp
+++ b/native/src/seal/c/serialization.cpp
@@ -51,6 +51,7 @@ SEAL_C_FUNC Serialization_IsCompatibleVersion(uint8_t *headerptr, uint64_t size,
     if (size != static_cast<uint64_t>(sizeof(Serialization::SEALHeader)))
     {
         *result = false;
+        return S_OK;
     }
 
     Serialization::SEALHeader header;
@@ -68,6 +69,7 @@ SEAL_C_FUNC Serialization_IsValidHeader(uint8_t *headerptr, uint64_t size, bool
     if (size != static_cast<uint64_t>(sizeof(Serialization::SEALHeader)))
     {
         *result = false;
+        return S_OK;
     }
 
     Serialization::SEALHeader header;