src/ssl_sk.c, src/x509.c, wolfssl/ssl.h: tweaks and fixes to from #9705: remove !WOLFSSL_LINUXKM gates, and fix nullPointerArithmeticRedundantCheck in ExtractHostFromUri().

2026-02-04 05:45:04 +01:00 · 2026-01-30 17:34:37 -06:00
parent 0b91a0e913
commit 6123febd3f
3 changed files with 12 additions and 13 deletions
--- a/src/ssl_sk.c
+++ b/src/ssl_sk.c
@@ -811,8 +811,7 @@ static wolfSSL_sk_freefunc wolfssl_sk_get_free_func(WOLF_STACK_TYPE type)
            func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_NAME_free;
            break;
        case STACK_TYPE_GENERAL_SUBTREE:
-        #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) && \
-            !defined(WOLFSSL_LINUXKM)
+        #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS)
            func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_SUBTREE_free;
        #endif
            break;
--- a/src/x509.c
+++ b/src/x509.c
@@ -2218,8 +2218,7 @@ out:

 #endif /* OPENSSL_ALL || OPENSSL_EXTRA */

-#if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) && \
-    !defined(WOLFSSL_LINUXKM)
+#if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS)
 /*
 * Convert a Base_entry linked list to a STACK of GENERAL_SUBTREE.
 *
@@ -2370,7 +2369,7 @@ static int ConvertBaseEntryToSubtreeStack(Base_entry* list, WOLFSSL_STACK* sk,

    return 0;
 }
-#endif /* OPENSSL_EXTRA && !IGNORE_NAME_CONSTRAINTS && !WOLFSSL_LINUXKM */
+#endif /* OPENSSL_EXTRA && !IGNORE_NAME_CONSTRAINTS */

 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 /* Looks for the extension matching the passed in nid
@@ -2874,8 +2873,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
            }
            break;

-    #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) && \
-        !defined(WOLFSSL_LINUXKM)
+    #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS)
        case NAME_CONS_OID:
        {
            WOLFSSL_NAME_CONSTRAINTS* nc = NULL;
@@ -2937,7 +2935,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,

            return nc;
        }
-    #endif /* OPENSSL_EXTRA && !IGNORE_NAME_CONSTRAINTS && !WOLFSSL_LINUXKM */
+    #endif /* OPENSSL_EXTRA && !IGNORE_NAME_CONSTRAINTS */

        case PRIV_KEY_USAGE_PERIOD_OID:
            WOLFSSL_MSG("Private Key Usage Period extension not supported");
@@ -5327,7 +5325,7 @@ void wolfSSL_EXTENDED_KEY_USAGE_free(WOLFSSL_STACK * sk)
    wolfSSL_sk_X509_pop_free(sk, NULL);
 }

-#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_LINUXKM)
+#if !defined(IGNORE_NAME_CONSTRAINTS)
 /*
 * Allocate and initialize an empty GENERAL_SUBTREE structure.
 * Returns NULL on allocation failure.
@@ -5480,12 +5478,14 @@ static const char* ExtractHostFromUri(const char* uri, int uriLen, int* hostLen)
    const char* hostStart;
    const char* hostEnd;
    const char* p;
-    const char* uriEnd = uri + uriLen;
+    const char* uriEnd;

    if (uri == NULL || uriLen <= 0 || hostLen == NULL) {
        return NULL;
    }

+    uriEnd = uri + uriLen;
+
    /* Find "://" to skip scheme */
    hostStart = NULL;
    for (p = uri; p < uriEnd - 2; p++) {
@@ -5692,7 +5692,7 @@ int wolfSSL_NAME_CONSTRAINTS_check_name(WOLFSSL_NAME_CONSTRAINTS* nc,

    return 1;
 }
-#endif /* !IGNORE_NAME_CONSTRAINTS && !WOLFSSL_LINUXKM */
+#endif /* !IGNORE_NAME_CONSTRAINTS */

 #if defined(OPENSSL_ALL) && !defined(NO_BIO)
 /* Outputs name string of the given WOLFSSL_GENERAL_NAME_OBJECT to WOLFSSL_BIO.
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1984,7 +1984,7 @@ WOLFSSL_API int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out,
                                           WOLFSSL_GENERAL_NAME* name);
 WOLFSSL_API void wolfSSL_EXTENDED_KEY_USAGE_free(WOLFSSL_STACK * sk);

-#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_LINUXKM)
+#if !defined(IGNORE_NAME_CONSTRAINTS)
 WOLFSSL_API WOLFSSL_NAME_CONSTRAINTS* wolfSSL_NAME_CONSTRAINTS_new(void);
 WOLFSSL_API void wolfSSL_NAME_CONSTRAINTS_free(WOLFSSL_NAME_CONSTRAINTS* nc);
 WOLFSSL_API int wolfSSL_NAME_CONSTRAINTS_check_name(
@@ -1994,7 +1994,7 @@ WOLFSSL_API void wolfSSL_GENERAL_SUBTREE_free(WOLFSSL_GENERAL_SUBTREE* subtree);
 WOLFSSL_API int wolfSSL_sk_GENERAL_SUBTREE_num(const WOLFSSL_STACK* sk);
 WOLFSSL_API WOLFSSL_GENERAL_SUBTREE* wolfSSL_sk_GENERAL_SUBTREE_value(
        const WOLFSSL_STACK* sk, int idx);
-#endif /* !IGNORE_NAME_CONSTRAINTS && !WOLFSSL_LINUXKM */
+#endif /* !IGNORE_NAME_CONSTRAINTS */

 WOLFSSL_API WOLFSSL_DIST_POINT* wolfSSL_DIST_POINT_new(void);
 WOLFSSL_API void wolfSSL_DIST_POINT_free(WOLFSSL_DIST_POINT* dp);