From 73c286ae46b3d647e42326079efbf27b135d3d22 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 18 Apr 2025 16:02:46 -0600
Subject: [PATCH 1/4] fix possible null dereference, CID 518681
---
 src/ssl_load.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_load.c b/src/ssl_load.c
index d3a64f59e..6f11a029a 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -1112,7 +1112,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 matchAnyKey = 1;
 }
 #ifdef WC_RSA_PSS
- if(*keyFormat == RSAPSSk) {
+ if((ret == 0) && (*keyFormat == RSAPSSk)) {
 /* Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK), and to detect that the der is RSAPSSk (when *keyFormat == 0).
From f834b9b08aab445904b034af32f64f26a71098c0 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 18 Apr 2025 16:31:33 -0600
Subject: [PATCH 2/4] add null sanity check to wolfSSL_SESSION_get_max_early_data, CID 516264
---
 src/ssl_sess.c | 4 ++++
 tests/quic.c | 3 +++
 2 files changed, 7 insertions(+)
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
index dda518c91..7f8c56c30 100644
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@@ -3534,6 +3534,10 @@ int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
 #ifdef WOLFSSL_EARLY_DATA
 unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session)
 {
+ if (session == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
 return session->maxEarlyDataSz;
 }
 #endif /* WOLFSSL_EARLY_DATA */
diff --git a/tests/quic.c b/tests/quic.c
index 355b07f69..3bfd2db07 100644
--- a/tests/quic.c
+++ b/tests/quic.c
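Review bot: In the src/ssl_load.c hunk the new `(ret == 0)` guard does not say which pointer it protects: the commit subject speaks of a null dereference, but the condition tests a status code, so the link between a non-zero `ret` and a NULL pointer inside the `WC_RSA_PSS` block is left to the reader. A one-line comment above the `if`, for example `/* only probe for RSA-PSS when the earlier decode succeeded; the key object may not be valid otherwise */`, would keep a later refactor from dropping the guard. The body of ProcessBufferTryDecode starts and ends outside the hunk, so the wording should be confirmed against the code that sets `ret`.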
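Review bot: In the src/ssl_sess.c hunk `wolfSSL_SESSION_get_max_early_data` returns `unsigned int`, so `return BAD_FUNC_ARG;` converts wolfSSL's negative error code to a value close to UINT_MAX, and a caller that reads the result as a size sees a NULL session as one that permits a very large amount of early data. Returning `0` for a NULL session fails closed instead: `if (session == NULL) { return 0; }`. The new assertion in the tests/quic.c hunk, `ExpectIntEQ(wolfSSL_SESSION_get_max_early_data(NULL), BAD_FUNC_ARG);`, appears to pass only because of the same integer conversion and would then become `ExpectIntEQ(wolfSSL_SESSION_get_max_early_data(NULL), 0);`.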
@@ -1675,6 +1675,9 @@ static int test_quic_early_data(int verbose) {
 QuicTestContext_free(&tclient);
 QuicTestContext_free(&tserver);
+ /* check for error value with null argument */
+ ExpectIntEQ(wolfSSL_SESSION_get_max_early_data(NULL), BAD_FUNC_ARG);
+
 /* QUIC requires 0 or 0xffffffff as only allowed values.
 * Since we enabled early data in the server that created the session,
 * we need to see it here. */
From 69a4607f84b3ebe1dc7cce7b2950137f95fb2de8 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 18 Apr 2025 16:47:36 -0600
Subject: [PATCH 3/4] null sanity check on arguments in wc_HpkeContextComputeNonce, CID 515543
---
 wolfcrypt/src/hpke.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c
index 4cd679f4d..8ce209fa7 100644
--- a/wolfcrypt/src/hpke.c
+++ b/wolfcrypt/src/hpke.c
@@ -586,6 +586,10 @@ static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context,
 int ret;
 byte seq_bytes[HPKE_Nn_MAX];
+ if (hpke == NULL || context == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
 /* convert the sequence into a byte string with the same length as the
 * nonce */
 ret = I2OSP(context->seq, (int)hpke->Nn, seq_bytes);
From d48108691054b1f91df30e9b96c560b568b4b738 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 18 Apr 2025 16:52:25 -0600
Subject: [PATCH 4/4] restore internal hashes pointer on error, CID 515542
---
 src/internal.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index b52e01df8..843ca18ba 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7306,6 +7306,8 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
 ret = InitHandshakeHashes(ssl);
 if (ret != 0) {
 WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret);
+ ssl->hsHashes = tmpHashes; /* restore hsHashes pointer to original
+ * before returning */
 return ret;
 }
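Review bot: In the wolfcrypt/src/hpke.c hunk the new guard checks `hpke` and `context`, but the signature of `wc_HpkeContextComputeNonce` continues past the line shown in the hunk header, so any further pointer parameter (presumably an output buffer) stays unchecked. If such a parameter exists, fold it into the same test, e.g. `if (hpke == NULL || context == NULL || out == NULL) {`, where `out` is a placeholder for the real parameter name. The rest of the function body lies outside the hunk.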
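Review bot: In the src/internal.c hunk the restore `ssl->hsHashes = tmpHashes;` overwrites whatever `InitHandshakeHashes` left in `ssl->hsHashes` when it failed; if that function can return non-zero after allocating the new structure, this error path now leaks it. Releasing the partial state first, for instance `FreeHandshakeHashes(ssl);` directly before the assignment, would close that gap, assuming that helper frees and clears `ssl->hsHashes` as its name suggests. The function starts and ends outside the hunk, so the allocation behaviour needs checking against InitHandshakeHashes itself.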