wolfssl/internal.h and src/internal.c:

change Buffers.prevSent and .plainSz from int to word32;

change SendData() sz arg from int sz to size_t sz;

add asserts in SendData() and ReceiveData() to prevent sz > INT_MAX (assuring no overflow internally or in the returned int).

wolfssl/ssl.h and src/ssl.c:

change WOLFSSL_BUFFER_INFO.length from unsigned int to word32 (no functional change, just for consistency);

add wolfSSL_write_internal(), refactor wolfSSL_write() to call it, and fix wolfSSL_write_ex() to take size_t sz, not int sz.
Daniel Pouzzner
2025-01-24 17:16:08 -06:00
parent 1b338abb2d
commit 91aad90c59
4 changed files with 39 additions and 19 deletions


@ -25300,16 +25300,21 @@ static int ssl_in_handshake(WOLFSSL *ssl, int send)
return 0; return 0;
} }
int SendData(WOLFSSL* ssl, const void* data, int sz) int SendData(WOLFSSL* ssl, const void* data, size_t sz)
{ {
int sent = 0, /* plainText size */ word32 sent = 0; /* plainText size */
sendSz, int sendSz,
ret; ret;
#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
int groupMsgs = 0; int groupMsgs = 0;
#endif #endif
int error = ssl->error; int error = ssl->error;
if (sz > INT_MAX) {
WOLFSSL_MSG("SendData sz overflow");
return WOLFSSL_FATAL_ERROR;
}
if (error == WC_NO_ERR_TRACE(WANT_WRITE) if (error == WC_NO_ERR_TRACE(WANT_WRITE)
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
|| error == WC_NO_ERR_TRACE(WC_PENDING_E) || error == WC_NO_ERR_TRACE(WC_PENDING_E)
@ -25414,7 +25419,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
sent = ssl->buffers.prevSent + ssl->buffers.plainSz; sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
WOLFSSL_MSG("sent write buffered data"); WOLFSSL_MSG("sent write buffered data");
if (sent > sz) { if (sent > (word32)sz) {
WOLFSSL_MSG("error: write() after WANT_WRITE with short size"); WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
return (ssl->error = BAD_FUNC_ARG); return (ssl->error = BAD_FUNC_ARG);
} }
@ -25503,19 +25508,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent); buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent);
} }
else else
#endif #endif
{ {
buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent); buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent);
} }
if (sent == sz) break; if (sent == (word32)sz) break;
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
if (ssl->options.dtls && (buffSz < sz - sent)) { if (ssl->options.dtls && ((size_t)buffSz < (word32)sz - sent)) {
error = DTLS_SIZE_ERROR; error = DTLS_SIZE_ERROR;
ssl->error = error; ssl->error = error;
WOLFSSL_ERROR(error); WOLFSSL_ERROR(error);
@ -25693,6 +25698,11 @@ int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek)
WOLFSSL_ENTER("ReceiveData"); WOLFSSL_ENTER("ReceiveData");
if (sz > INT_MAX) {
WOLFSSL_MSG("ReceiveData sz overflow");
return WOLFSSL_FATAL_ERROR;
}
/* reset error state */ /* reset error state */
if (error == WC_NO_ERR_TRACE(WANT_READ) || if (error == WC_NO_ERR_TRACE(WANT_READ) ||
error == WOLFSSL_ERROR_WANT_READ) { error == WOLFSSL_ERROR_WANT_READ) {
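Review bot: A negative `buffSz` would now slip past the DTLS size check in `SendData()`, because `(size_t)buffSz < (word32)sz - sent` turns it into a very large unsigned value. Before this commit the comparison was signed, so a negative result from `wolfSSL_GetMaxFragSize()` would have taken the `DTLS_SIZE_ERROR` path. The declaration of `buffSz` and the body of `wolfSSL_GetMaxFragSize()` are outside the hunk, so whether a negative value can occur needs confirming; if it can, `if (ssl->options.dtls && (buffSz < 0 || (word32)buffSz < (word32)sz - sent)) {` keeps the old behaviour. Separately, the new `sz > INT_MAX` guards in `SendData()` and `ReceiveData()` return `WOLFSSL_FATAL_ERROR` without assigning `ssl->error`, unlike `return (ssl->error = BAD_FUNC_ARG);` a few lines further down, so a caller that inspects the stored error afterwards may see a stale value.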


@ -2970,14 +2970,13 @@ int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
#endif /* !NO_DH */ #endif /* !NO_DH */
WOLFSSL_ABI static int wolfSSL_write_internal(WOLFSSL* ssl, const void* data, size_t sz)
int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
{ {
int ret; int ret;
WOLFSSL_ENTER("wolfSSL_write"); WOLFSSL_ENTER("wolfSSL_write");
if (ssl == NULL || data == NULL || sz < 0) if (ssl == NULL || data == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifdef WOLFSSL_QUIC #ifdef WOLFSSL_QUIC
@ -3037,6 +3036,17 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
return ret; return ret;
} }
WOLFSSL_ABI
int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
{
WOLFSSL_ENTER("wolfSSL_write");
if (sz < 0)
return BAD_FUNC_ARG;
return wolfSSL_write_internal(ssl, data, sz);
}
int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz) int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
{ {
int maxLength; int maxLength;
@ -3074,7 +3084,7 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
} }
int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, int sz, size_t* wr) int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz, size_t* wr)
{ {
int ret; int ret;
@ -3082,7 +3092,7 @@ int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, int sz, size_t* wr)
*wr = 0; *wr = 0;
} }
ret = wolfSSL_write(ssl, data, sz); ret = wolfSSL_write_internal(ssl, data, sz);
if (ret >= 0) { if (ret >= 0) {
if (wr != NULL) { if (wr != NULL) {
*wr = (size_t)ret; *wr = (size_t)ret;
@ -3093,7 +3103,7 @@ int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, int sz, size_t* wr)
if (ret == 0 && ssl->options.partialWrite) { if (ret == 0 && ssl->options.partialWrite) {
ret = 0; ret = 0;
} }
else if (ret < sz && !ssl->options.partialWrite) { else if ((size_t)ret < sz && !ssl->options.partialWrite) {
ret = 0; ret = 0;
} }
else { else {
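Review bot: `wolfSSL_write_internal()` now accepts any `size_t`, but the argument check shown validates only `ssl` and `data`, leaving the `INT_MAX` bound to `SendData()`. The rest of the function lies outside the hunk, so any use of `sz` before the `SendData()` call (the `WOLFSSL_QUIC` branch starts right after the check) should be confirmed to tolerate an oversized value. Otherwise the bound can be rejected at this single entry point with `if (ssl == NULL || data == NULL || sz > INT_MAX) return BAD_FUNC_ARG;`. The new `wolfSSL_write()` wrapper also calls `WOLFSSL_ENTER("wolfSSL_write")` before delegating to a function that logs the same entry, so debug traces will show it twice.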


@ -4801,9 +4801,9 @@ typedef struct Buffers {
buffer clearOutputBuffer; buffer clearOutputBuffer;
buffer sig; /* signature data */ buffer sig; /* signature data */
buffer digest; /* digest data */ buffer digest; /* digest data */
int prevSent; /* previous plain text bytes sent word32 prevSent; /* previous plain text bytes sent
when got WANT_WRITE */ when got WANT_WRITE */
int plainSz; /* plain text bytes in buffer to send word32 plainSz; /* plain text bytes in buffer to send
when got WANT_WRITE */ when got WANT_WRITE */
byte weOwnCert; /* SSL own cert flag */ byte weOwnCert; /* SSL own cert flag */
byte weOwnCertChain; /* SSL own cert chain flag */ byte weOwnCertChain; /* SSL own cert chain flag */
@ -6500,7 +6500,7 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk,
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
#endif /* HAVE_SESSION_TICKET */ #endif /* HAVE_SESSION_TICKET */
WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz); WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, size_t sz);
#ifdef WOLFSSL_THREADED_CRYPT #ifdef WOLFSSL_THREADED_CRYPT
WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl); WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl);
#endif #endif


@ -604,7 +604,7 @@ struct WOLFSSL_EVP_PKEY {
typedef struct WOLFSSL_BUFFER_INFO { typedef struct WOLFSSL_BUFFER_INFO {
unsigned char* buffer; unsigned char* buffer;
unsigned int length; word32 length;
} WOLFSSL_BUFFER_INFO; } WOLFSSL_BUFFER_INFO;
typedef struct WOLFSSL_BUF_MEM { typedef struct WOLFSSL_BUF_MEM {
@ -1365,7 +1365,7 @@ WOLFSSL_API int wolfSSL_get_wfd(const WOLFSSL* ssl);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL* ssl);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_write( WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(
WOLFSSL* ssl, const void* data, int sz); WOLFSSL* ssl, const void* data, int sz);
WOLFSSL_API int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, int sz, WOLFSSL_API int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz,
size_t* wr); size_t* wr);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL* ssl, void* data, int sz); WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL* ssl, void* data, int sz);
WOLFSSL_API int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd); WOLFSSL_API int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd);