From 2f3495f286a6f5204c74a8f97cb9cc10dbc807e7 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 29 Mar 2024 01:15:04 -0500
Subject: [PATCH] src/tls13.c: remove unreachable break in DoTls13CertificateVerify(). tests/api.c: fix various use-after-frees of file in do_dual_alg_root_certgen() and do_dual_alg_server_certgen().
---
 src/tls13.c | 1 -
 tests/api.c | 35 ++++++++++++++++++++++++++++-------
 2 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/src/tls13.c b/src/tls13.c
index 32ce1a654..613747988 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -9942,7 +9942,6 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
 break;
 default:
 ERROR_OUT(PEER_KEY_ERROR, exit_dcv);
- break;
 }
 if (ret != 0)
diff --git a/tests/api.c b/tests/api.c
index 33e40f173..1a48be2c5 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -878,7 +878,10 @@ static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
 XMEMSET(caKeyBuf, 0, caKeySz);
 ExpectNotNull(file = fopen(caKeyFile, "rb"));
 ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
- fclose(file);
+ if (file) {
+ fclose(file);
+ file = NULL;
+ }
 ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
 idx = 0;
 ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz),
@@ -886,11 +889,17 @@ static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
 XMEMSET(sapkiBuf, 0, sapkiSz);
 ExpectNotNull(file = fopen(sapkiFile, "rb"));
 ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
- fclose(file);
+ if (file) {
+ fclose(file);
+ file = NULL;
+ }
 XMEMSET(altPrivBuf, 0, altPrivSz);
 ExpectNotNull(file = fopen(altPrivFile, "rb"));
 ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
- fclose(file);
+ if (file) {
+ fclose(file);
+ file = NULL;
+ }
 wc_ecc_init(&altCaKey);
 idx = 0;
 ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
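Review bot: The new `if (file)` guards in do_dual_alg_root_certgen() (the -878 and -886 hunks, and likewise the three do_dual_alg_server_certgen() hunks) are only sound if `file` is NULL before the first fopen(), and its declaration lies outside every hunk shown. If it is declared without an initializer and the first `file = fopen(...)` is ever skipped, the guard would test an indeterminate pointer, so it is worth confirming the declaration reads `FILE* file = NULL;`. This presumes the Expect* macros can skip evaluating their argument after an earlier failure, which the commit message's use-after-free wording suggests but the hunks do not show. A short comment at the first guard, e.g. `/* file is NULL whenever no stream is open, so a skipped fopen() cannot re-close a stale handle */`, would record the invariant for the next editor.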
@@ -981,7 +990,10 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
 ExpectNotNull(file = fopen(serverKeyFile, "rb"));
 ExpectIntGT(serverKeySz = (word32)fread(serverKeyBuf, 1, serverKeySz, file), 0);
- fclose(file);
+ if (file) {
+ fclose(file);
+ file = NULL;
+ }
 ExpectIntEQ(wc_InitRsaKey_ex(&serverKey, NULL, INVALID_DEVID), 0);
 idx = 0;
 ExpectIntEQ(wc_RsaPrivateKeyDecode(serverKeyBuf, &idx, &serverKey,
@@ -989,7 +1001,10 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
 XMEMSET(caKeyBuf, 0, caKeySz);
 ExpectNotNull(file = fopen(caKeyFile, "rb"));
 ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
- fclose(file);
+ if (file) {
+ fclose(file);
+ file = NULL;
+ }
 ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
 idx = 0;
 ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey,
@@ -997,11 +1012,17 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
 XMEMSET(sapkiBuf, 0, sapkiSz);
 ExpectNotNull(file = fopen(sapkiFile, "rb"));
 ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
- fclose(file);
+ if (file) {
+ fclose(file);
+ file = NULL;
+ }
 XMEMSET(altPrivBuf, 0, altPrivSz);
 ExpectNotNull(file = fopen(altPrivFile, "rb"));
 ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
- fclose(file);
+ if (file) {
+ fclose(file);
+ file = NULL;
+ }
 wc_ecc_init(&altCaKey);
 idx = 0;
 ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
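Review bot: The four-line close-and-clear block is now pasted at every fopen()/fread() site in do_dual_alg_server_certgen() (four times across the -981, -989 and -997 hunks) on top of the three copies in do_dual_alg_root_certgen(), so a later read added to either function can easily omit the `file = NULL` reset and bring back the stale-handle close. A file-local helper would keep the invariant in one place, for example `#define CLOSE_FILE_AND_CLEAR(f) do { if (f) { fclose(f); (f) = NULL; } } while (0)` (the name is only a suggestion). Both functions continue outside the hunks shown, so any bare `fclose(file)` remaining further down, if there is one, should be brought in line with the same pattern.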