From fe9a876895349e2948b522142baa63575e88396c Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 6 Mar 2020 17:13:59 +0100 Subject: [PATCH 1/2] Check length to avoid XSTRNCMP accessing memory after `list` --- src/ssl.c | 3 ++- wolfssl/internal.h | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 945ac32e5..4f6af78f4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33160,7 +33160,8 @@ static int populate_groups(int* groups, int max_count, char *list) return -1; } for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { - if (XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) { + if (len == nist_name->name_len && + XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) { break; } } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a586184d7..5238f62cb 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4239,7 +4239,7 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; #ifdef OPENSSL_EXTRA typedef struct { - int name_len; + size_t name_len; const char *name; int nid; } WOLF_EC_NIST_NAME; From b1a80973ddf5d77e84fc2d210da2842ba561111e Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 2 Apr 2020 15:51:12 +0200 Subject: [PATCH 2/2] size_t -> int --- src/ssl.c | 6 +++--- wolfssl/internal.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4f6af78f4..93899c02a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33138,7 +33138,7 @@ const char* wolfSSL_EC_curve_nid2nist(int nid) static int populate_groups(int* groups, int max_count, char *list) { char *end; - size_t len; + int len; int count = 0; const WOLF_EC_NIST_NAME* nist_name; @@ -33152,8 +33152,8 @@ static int populate_groups(int* groups, int max_count, char *list) return -1; } while (*end != ':' && *end != '\0') end++; - len = end - list; /* end points to char after end - * of curve name so no need for -1 */ + len = (int)(end - list); /* end points to char after end + * of curve name so no need for -1 */ if ((len < kNistCurves_MIN_NAME_LEN) || (len > kNistCurves_MAX_NAME_LEN)) { WOLFSSL_MSG("Unrecognized curve name in list"); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5238f62cb..a586184d7 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4239,7 +4239,7 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; #ifdef OPENSSL_EXTRA typedef struct { - size_t name_len; + int name_len; const char *name; int nid; } WOLF_EC_NIST_NAME;