From dcebd0d34947f507a7a26b5de8c1223fbe218c1c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 23 Aug 2022 13:50:56 -0500 Subject: [PATCH 1/2] wolfssl/wolfcrypt/logging.h: when !WOLFSSL_VERBOSE_ERRORS, define WOLFSSL_ERROR_VERBOSE(e) as (void)(e) to avert clang-analyzer-deadcode.DeadStores, and avert bare semicolons. --- wolfssl/wolfcrypt/logging.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 459d4f79e..1a756ced9 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -204,9 +204,9 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); OPENSSL_EXTRA */ #ifdef WOLFSSL_VERBOSE_ERRORS - #define WOLFSSL_ERROR_VERBOSE WOLFSSL_ERROR +#define WOLFSSL_ERROR_VERBOSE(e) WOLFSSL_ERROR(e) #else - #define WOLFSSL_ERROR_VERBOSE(e) +#define WOLFSSL_ERROR_VERBOSE(e) (void)(e) #endif /* WOLFSSL_VERBOSE_ERRORS */ #ifdef HAVE_STACK_SIZE_VERBOSE From 8f70f98640a1f71b85b509f313aba4a65829eaa7 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 23 Aug 2022 13:52:42 -0500 Subject: [PATCH 2/2] wolfcrypt/src/asn.c: refactor _SMALL_STACK code path in ParseCRL_Extensions() to fix memory leaks and heap-use-after-free. --- wolfcrypt/src/asn.c | 42 ++++++++++++++++++++---------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8a893ba66..6931444a3 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -35019,46 +35019,44 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, } else { if (length > 1) { - #ifdef WOLFSSL_SMALL_STACK - mp_int* m; - #else - mp_int m[1]; - #endif int i; - #ifdef WOLFSSL_SMALL_STACK - m = (mp_int*)XMALLOC(sizeof(*m), NULL, + mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL, DYNAMIC_TYPE_BIGINT); if (m == NULL) { return MEMORY_E; } + #else + mp_int m[1]; #endif + if (mp_init(m) != MP_OKAY) { - return MP_INIT_E; + ret = MP_INIT_E; } - ret = mp_read_unsigned_bin(m, buf + idx, length); - if (ret != MP_OKAY) { - mp_free(m); - #ifdef WOLFSSL_SMALL_STACK - XFREE(m, NULL, DYNAMIC_TYPE_BIGINT); - #endif - return BUFFER_E; - } + if (ret == 0) + ret = mp_read_unsigned_bin(m, buf + idx, length); + if (ret != MP_OKAY) + ret = BUFFER_E; - dcrl->crlNumber = 0; - for (i = 0; i < (*m).used; ++i) { - if (i > (int)sizeof(word32)) { + if (ret == 0) { + dcrl->crlNumber = 0; + for (i = 0; i < (*m).used; ++i) { + if (i > (int)sizeof(word32)) { break; + } + dcrl->crlNumber |= ((word32)(*m).dp[i]) << + (DIGIT_BIT * i); } - dcrl->crlNumber |= ((word32)(*m).dp[i]) << - (DIGIT_BIT * i); } + mp_free(m); #ifdef WOLFSSL_SMALL_STACK XFREE(m, NULL, DYNAMIC_TYPE_BIGINT); #endif - mp_free(m); + + if (ret != 0) + return ret; } else { dcrl->crlNumber = buf[idx];