feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix for memory leak due to missed WOLFSSL_GENERAL_NAME capability changes

Browse Source
This commit is contained in:
JacobBarthelmeh
2024-11-06 17:10:54 -07:00
parent 7e291992c0
commit a896c16ebd
4 changed files with 81 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
src/x509.c
View File

@ -587,6 +587,76 @@ err:
#endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns)
{
gn->type = dns->type;
switch (gn->type) {
case WOLFSSL_GEN_OTHERNAME:
if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
WOLFSSL_MSG("OTHERNAME set failed");
return WOLFSSL_FAILURE;
}
break;
case WOLFSSL_GEN_EMAIL:
case WOLFSSL_GEN_DNS:
case WOLFSSL_GEN_URI:
case WOLFSSL_GEN_IPADD:
case WOLFSSL_GEN_IA5:
gn->d.ia5->length = dns->len;
if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
gn->d.ia5->length) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set failed");
return WOLFSSL_FAILURE;
}
break;
case WOLFSSL_GEN_DIRNAME:
/* wolfSSL_GENERAL_NAME_new() mallocs this by default */
wolfSSL_ASN1_STRING_free(gn->d.ia5);
gn->d.ia5 = NULL;
gn->d.dirn = wolfSSL_X509_NAME_new();;
/* @TODO extract dir name info from DNS_entry */
break;
#ifdef WOLFSSL_RID_ALT_NAME
case WOLFSSL_GEN_RID:
/* wolfSSL_GENERAL_NAME_new() mallocs this by default */
wolfSSL_ASN1_STRING_free(gn->d.ia5);
gn->d.ia5 = NULL;
gn->d.registeredID = wolfSSL_ASN1_OBJECT_new();
if (gn->d.registeredID == NULL) {
return WOLFSSL_FAILURE;
}
gn->d.registeredID->obj = XMALLOC(dns->len,
gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1);
if (gn->d.registeredID->obj == NULL) {
/* registeredID gets free'd up by caller after failure */
return WOLFSSL_FAILURE;
}
gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len);
gn->d.registeredID->objSz = dns->len;
gn->d.registeredID->grp = oidCertExtType;
gn->d.registeredID->nid = WC_NID_registeredAddress;
break;
#endif
case WOLFSSL_GEN_X400:
/* Unsupported: fall through */
case WOLFSSL_GEN_EDIPARTY:
/* Unsupported: fall through */
default:
WOLFSSL_MSG("Unsupported type conversion");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
WOLFSSL_X509_EXTENSION* ext)
{
@ -624,24 +694,10 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
goto err;
}
gn->type = dns->type;
if (gn->type == WOLFSSL_GEN_OTHERNAME) {
if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
WOLFSSL_MSG("OTHERNAME set failed");
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_sk_pop_free(sk, NULL);
goto err;
}
}
else {
gn->d.ia5->length = dns->len;
if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
gn->d.ia5->length) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set failed");
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_sk_pop_free(sk, NULL);
goto err;
}
if (DNS_to_GENERAL_NAME(gn, dns) != WOLFSSL_SUCCESS) {
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_sk_pop_free(sk, NULL);
goto err;
}
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {

5
tests/api.c
View File

@ -77998,6 +77998,7 @@ static int test_X509_REQ(void)
#ifdef HAVE_ECC
const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
BIO* bio = NULL;
#endif
ExpectNotNull(name = X509_NAME_new());
@ -78089,6 +78090,10 @@ static int test_X509_REQ(void)
/* Signature is random and may be shorter or longer. */
ExpectIntGE((len = i2d_X509_REQ(req, &der)), 245);
ExpectIntLE(len, 253);
ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
ExpectIntEQ(X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
ExpectIntEQ(X509_REQ_print(bio, NULL), WOLFSSL_FAILURE);
BIO_free(bio);
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
X509_REQ_free(req);
EVP_PKEY_free(pub);

2
wolfssl/openssl/ssl.h
View File

@ -567,7 +567,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_sign wolfSSL_X509_sign
#define X509_sign_ctx wolfSSL_X509_sign_ctx
#define X509_print wolfSSL_X509_print
#define X509_REQ_print wolfSSL_X509_print
#define X509_REQ_print wolfSSL_X509_REQ_print
#define X509_print_ex wolfSSL_X509_print_ex
#define X509_print_fp wolfSSL_X509_print_fp
#define X509_CRL_print wolfSSL_X509_CRL_print

1
wolfssl/wolfcrypt/asn.h
View File

@ -912,6 +912,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
#define WC_NID_postalCode ASN_POSTAL_CODE /* postalCode */
#define WC_NID_favouriteDrink 462
#define WC_NID_userId 458
#define WC_NID_registeredAddress 870
#define WC_NID_emailAddress 0x30 /* emailAddress */
#define WC_NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */
#define WC_NID_ms_upn 265 /* 1.3.6.1.4.1.311.20.2.3 */