Skip to content

Fix build for !WOLFSSL_SP_SMALL#1

Closed
kaleb-himes wants to merge 2 commits into
SparkiDev:sp_arm32_divwfrom
kaleb-himes:sp_arm32_divw_addition
Closed

Fix build for !WOLFSSL_SP_SMALL#1
kaleb-himes wants to merge 2 commits into
SparkiDev:sp_arm32_divwfrom
kaleb-himes:sp_arm32_divw_addition

Conversation

@kaleb-himes
Copy link
Copy Markdown

@kaleb-himes kaleb-himes commented May 12, 2020

No description provided.

@kaleb-himes kaleb-himes mentioned this pull request May 12, 2020
Merged
@SparkiDev SparkiDev closed this May 13, 2020
SparkiDev pushed a commit that referenced this pull request Jan 21, 2022
@rizlik
dtls-srtp: check that length of strings matched before memcomparing
9b69f69 
otherwise if profile_str_len is > strlen(gSrtpProfiles[i].name) we end up
comparing memory past gSrtpProfiles[i].name. -fsanitize=address catches this:

```
==100159==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f40d8d533b2 at pc 0x7f40d8eb014f bp 0x7f40d50fe240 sp 0x7f40d50fd9e8
READ of size 21 at 0x7f40d8d533b2 thread T107
    #0 0x7f40d8eb014e in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
    #1 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
    #2 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
    wolfSSL#3 0x7f40d8c2e830 in DtlsSrtpFindProfile src/ssl.c:1310
    wolfSSL#4 0x7f40d8c2e9ed in DtlsSrtpSelProfiles src/ssl.c:1347
    wolfSSL#5 0x7f40d8c2eada in wolfSSL_CTX_set_tlsext_use_srtp src/ssl.c:1359
    wolfSSL#6 0x563bf381b4c5 in server_test examples/server/server.c:2278
    wolfSSL#7 0x7f40d88f0258 in start_thread (/usr/lib/libpthread.so.0+0x9258)
    wolfSSL#8 0x7f40d88195e2 in __GI___clone (/usr/lib/libc.so.6+0xfe5e2)
```
@kaleb-himes kaleb-himes deleted the sp_arm32_divw_addition branch May 4, 2023 20:21
SparkiDev added a commit that referenced this pull request May 28, 2026
@SparkiDev
X509 API: fix issues
2ab4411 
1. BasicConstraints pathLenConstraint absent vs. 0 —
get_ext_d2i/set_ext/V3_EXT_d2i now distinguish "no constraint" from 0
per RFC 5280 §4.2.1.9, using the existing basicConstPlSet flag.
2. GENERAL_NAME_print GEN_DIRNAME — added missing return-value
normalization so the directory name is actually printed (was emitting
only DirName:).
3. GENERAL_NAME_print GEN_DNS — use ASN1_STRING_print like the EMAIL/URI
cases, avoiding NULL-strData deref and NUL-truncation.
4. X509_print BasicConstraints — print , pathlen:N to match OpenSSL.
5. X509_print Extended Key Usage — print Any Extended Key Usage (was
omitted).
6. get_ext_d2i CRL_DIST_OID double-free — null gn immediately after
ownership transfers to dp, so an error from the next push doesn't free
it twice.
7. X509V3_EXT_print SAN truncation/failure — match XSNPRINTF size cap to
the allocation; was truncating at indent==1 and failing at indent>=2.
8. X509V3_EXT_print AUTH_KEY/SUBJ_KEY NULL deref — NULL-check
i2s_ASN1_STRING return before passing to %s.
9. X509_add_ext SAN type confusion — reject DIRNAME/RID/X400/EDIPARTY;
only the ASN1_STRING*-backed types are read via gn->d.ia5. Was
performing a wild-pointer XMEMCPY in add_altname_ex.

Also: extracted the SAN and WOLFSSL_CUSTOM_OID arms of X509_add_ext into
static helpers (behavior-preserving).

Regression tests added for #1–5 and wolfSSL#9; existing GENERAL_NAME_print test
hardened (gives GEN_DIRNAME a real directoryName, eliminating an OOB
read that the print fix would otherwise expose).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kaleb-himes @SparkiDev