From f021375c4bd7d85ff7a81021274061aeeb4b5df6 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 15 May 2018 17:23:35 -0700
Subject: [PATCH] Fixes for fsanitize reports.

---
 src/crl.c           | 14 ++++++++------
 src/internal.c      |  8 +++++---
 src/ssl.c           |  6 ++++--
 wolfcrypt/src/tfm.c |  2 +-
 4 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/src/crl.c b/src/crl.c
index 790c2f962..e033802e5 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -373,12 +373,14 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 
             WOLFSSL_MSG("Issuing missing CRL callback");
             url[0] = '\0';
-            if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
-                XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
-                url[cert->extCrlInfoSz] = '\0';
-            }
-            else  {
-                WOLFSSL_MSG("CRL url too long");
+            if (cert->extCrlInfo) {
+                if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
+                    XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
+                    url[cert->extCrlInfoSz] = '\0';
+                }
+                else  {
+                    WOLFSSL_MSG("CRL url too long");
+                }
             }
 
             crl->cm->cbMissingCRL(url);
diff --git a/src/internal.c b/src/internal.c
index 42508d492..18957dc0c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7699,7 +7699,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 
     XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
     x509->serialSz = dCert->serialSz;
-    if (dCert->subjectCNLen < ASN_NAME_MAX) {
+    if (dCert->subjectCN && dCert->subjectCNLen < ASN_NAME_MAX) {
         XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
         x509->subjectCN[dCert->subjectCNLen] = '\0';
     }
@@ -8982,8 +8982,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 }
 
                 /* store for callback use */
-                if (args->dCert->subjectCNLen < ASN_NAME_MAX) {
-                    XMEMCPY(args->domain, args->dCert->subjectCN, args->dCert->subjectCNLen);
+                if (args->dCert->subjectCN &&
+                                    args->dCert->subjectCNLen < ASN_NAME_MAX) {
+                    XMEMCPY(args->domain, args->dCert->subjectCN,
+                        args->dCert->subjectCNLen);
                     args->domain[args->dCert->subjectCNLen] = '\0';
                 }
                 else {
diff --git a/src/ssl.c b/src/ssl.c
index 2d33b4d7a..4f22b68ca 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3612,8 +3612,10 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
 /* Make a work from the front of random hash */
 static INLINE word32 MakeWordFromHash(const byte* hashID)
 {
-    return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] <<  8) |
-            hashID[3];
+    return (((word32)hashID[0] << 24) |
+            ((word32)hashID[1] << 16) |
+            ((word32)hashID[2] <<  8) |
+            ((word32)hashID[3]));
 }
 
 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 8690ecf06..664a74b54 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -485,7 +485,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
 
    for (ix = 0; ix < pa; ix++) {
       /* get offsets into the two bignums */
-      ty = MIN(ix, B->used-1);
+      ty = MIN(ix, (B->used > 0 ? B->used - 1 : 0));
       tx = ix - ty;
 
       /* setup temp aliases */