wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix for leak with wolfSSL_a2i_ASN1_INTEGER

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-03-17 12:24:18 +07:00
parent df2e0905e0
commit 48d13bbfa5
2 changed files with 56 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ssl.c
View File

@ -48230,7 +48230,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
asn1->isDynamic = 0;
}
XMEMSET(asn1->intData, 0, sizeof(WOLFSSL_ASN1_INTEGER));
XMEMSET(asn1->intData, 0, WOLFSSL_ASN1_INTEGER_MAX);
asn1->data = asn1->intData;
asn1->length = 0;
asn1->negative = 0;
@ -48259,7 +48259,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
len = asn1->length + (lineLen/2);
/* Check if it will fit in static memory and
* save space for the ASN tag in front */
if (len > (int)(sizeof(asn1->intData) - extraTagSz)) {
if (len > (int)(WOLFSSL_ASN1_INTEGER_MAX - extraTagSz)) {
/* Allocate mem for data */
if (asn1->isDynamic) {
byte* tmp = (byte*)XREALLOC(asn1->data, len + extraTagSz, NULL,
@ -48271,12 +48271,17 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
asn1->data = tmp;
}
else {
/* Up to this point asn1->data pointed to asn1->intData.
* Now that the size has grown larger than intData can handle
* the asn1 structure moves to a dynamic type with isDynamic
* flag being set and asn1->data being malloc'd. */
asn1->data = (byte*)XMALLOC(len + extraTagSz, NULL,
DYNAMIC_TYPE_OPENSSL);
if (!asn1->data) {
WOLFSSL_MSG("malloc error");
return WOLFSSL_FAILURE;
}
asn1->isDynamic = 1;
XMEMCPY(asn1->data, asn1->intData, asn1->length);
}
}

49
tests/api.c
View File

@ -29447,6 +29447,54 @@ static void test_wolfSSL_ASN1_BIT_STRING(void)
#endif
}
static void test_wolfSSL_a2i_ASN1_INTEGER(void)
{
#ifdef OPENSSL_EXTRA
BIO *bio, *out;
ASN1_INTEGER* ai;
char buf[] = "123456\n12345\n112345678912345678901234567890\n";
char tmp[1024];
int bufSz, tmpSz;
char* pt;
const char expected1[] = "123456";
const char expected2[] = "112345678912345678901234567890";
printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()");
pt = (char*)buf;
bufSz = sizeof(buf);
AssertNotNull(bio = BIO_new_mem_buf(buf, -1));
AssertNotNull(out = BIO_new(BIO_s_mem()));
AssertNotNull(ai = ASN1_INTEGER_new());
/* read first line */
AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
XMEMSET(tmp, 0, 1024);
tmpSz = BIO_read(out, tmp, 1024);
AssertIntEQ(tmpSz, 6);
AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
/* fail on second line (not % 2) */
AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
/* read 3rd long line */
AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
XMEMSET(tmp, 0, 1024);
tmpSz = BIO_read(out, tmp, 1024);
AssertIntEQ(tmpSz, 30);
AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
BIO_free(out);
BIO_free(bio);
ASN1_INTEGER_free(ai);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DES_ecb_encrypt(void)
{
@ -41480,6 +41528,7 @@ void ApiTest(void)
#endif
test_wolfSSL_ASN1_STRING();
test_wolfSSL_ASN1_BIT_STRING();
test_wolfSSL_a2i_ASN1_INTEGER();
test_wolfSSL_X509();
test_wolfSSL_X509_VERIFY_PARAM();
test_wolfSSL_X509_sign();