src/pk.c: fix misuses around snprintf().

2025-08-01 03:34:39 +02:00 · 2022-06-29 22:45:30 -05:00
parent 28213ad198
commit 1a9388b935
1 changed files with 48 additions and 18 deletions
--- a/src/pk.c
+++ b/src/pk.c
@@ -151,10 +151,15 @@ static int wolfssl_print_indent(WOLFSSL_BIO* bio, char* line, int lineLen,

    if (indent > 0) {
        /* Print indent spaces. */
-        lineLen = (int)XSNPRINTF(line, lineLen - 1, "%*s", indent, " ");
-        /* Write indents string to BIO */
-        if (wolfSSL_BIO_write(bio, line, lineLen) <= 0) {
+        int len_wanted = XSNPRINTF(line, lineLen, "%*s", indent, " ");
+        if (len_wanted >= lineLen) {
+            WOLFSSL_MSG("Buffer overflow formatting indentation");
            ret = 0;
+        } else {
+            /* Write indents string to BIO */
+            if (wolfSSL_BIO_write(bio, line, len_wanted) <= 0) {
+                ret = 0;
+            }
        }
    }

@@ -193,11 +198,16 @@ static int wolfssl_print_value(WOLFSSL_BIO* bio, mp_int* value,
        /* Get 32-bits of value. */
        v = (word32)value->dp[0];
        /* Print the line to the string. */
-        len = (int)XSNPRINTF(line, sizeof(line) - 1, "%s %u (0x%x)\n", name, v,
+        len = (int)XSNPRINTF(line, sizeof(line), "%s %u (0x%x)\n", name, v,
            v);
-        /* Write string to BIO */
-        if (wolfSSL_BIO_write(bio, line, len) <= 0) {
+        if (len >= (int)sizeof(line)) {
+            WOLFSSL_MSG("Buffer overflow while formatting value");
            ret = 0;
+        } else {
+            /* Write string to BIO */
+            if (wolfSSL_BIO_write(bio, line, len) <= 0) {
+                ret = 0;
+            }
        }
    }

@@ -247,9 +257,14 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
    }
    if (ret == 1) {
        /* Print header string line to string. */
-        li = XSNPRINTF(line, sizeof(line) - 1, "%s\n", name);
-        if (wolfSSL_BIO_write(bio, line, li) <= 0) {
+        li = XSNPRINTF(line, sizeof(line), "%s\n", name);
+        if (li >= (int)sizeof(line)) {
+            WOLFSSL_MSG("Buffer overflow formatting name");
            ret = 0;
+        } else {
+            if (wolfSSL_BIO_write(bio, line, li) <= 0) {
+                ret = 0;
+            }
        }
    }
    if (ret == 1) {
@@ -259,16 +274,27 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
    if (ret == 1) {
        /* Start first digit line with spaces.
         * Writing out zeros ensures number is a positive value. */
-        li = XSNPRINTF(line, sizeof(line) - 1, PRINT_NUM_INDENT "%s",
+        li = XSNPRINTF(line, sizeof(line), PRINT_NUM_INDENT "%s",
            mp_leading_bit(num) ?  "00:" : "");
+        if (li >= (int)sizeof(line)) {
+            WOLFSSL_MSG("Buffer overflow formatting spaces");
+            ret = 0;
+        }
    }

    /* Put out each line of numbers. */
    for (i = 0; (ret == 1) && (i < rawLen); i++) {
-        /* Check for a complete line. */
-        if (li >= PRINT_NUM_MAX_DIGIT_LINE) {
-            /* More bytes coming so change the trailing ':' to a line break. */
-            line[li-1] = '\n';
+        /* Encode another byte as 2 hex digits and append colon. */
+        int len_wanted = XSNPRINTF(line + li, sizeof(line) - li, "%02x:",
+                                   rawKey[i]);
+        /* Check if there was room -- if not, print the current line, not
+         * including the newest octet.
+         */
+        if (len_wanted >= (int)sizeof(line) - li) {
+            /* bump current octet to the next line. */
+            --i;
+            /* More bytes coming so add a line break. */
+            line[li++] = '\n';
            /* Write out the line. */
            if (wolfSSL_BIO_write(bio, line, li) <= 0) {
                ret = 0;
@@ -280,9 +306,8 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
            /* Put the leading spaces on new line. */
            XSTRNCPY(line, PRINT_NUM_INDENT, PRINT_NUM_INDENT_CNT + 1);
            li = PRINT_NUM_INDENT_CNT;
-        }
-        /* Encode another byte as 2 hex digits and append colon. */
-        li += XSNPRINTF(line + li, sizeof(line) - 1 - li, "%02x:", rawKey[i]);
+        } else
+            li += len_wanted;
    }

    if (ret == 1) {
@@ -1892,10 +1917,15 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
    }
    if (ret == 1) {
        /* Print header line. */
-        len = XSNPRINTF(line, sizeof(line) - 1, "\nRSA %s: (%d bit)\n",
+        len = XSNPRINTF(line, sizeof(line), "\nRSA %s: (%d bit)\n",
            (!mp_iszero(&key->d)) ? "Private-Key" : "Public-Key", sz);
-        if (wolfSSL_BIO_write(bio, line, len) <= 0) {
+        if (len >= (int)sizeof(line)) {
+            WOLFSSL_MSG("Buffer overflow while formatting key preamble");
            ret = 0;
+        } else {
+            if (wolfSSL_BIO_write(bio, line, len) <= 0) {
+                ret = 0;
+            }
        }
    }