Implement copilot suggestions

This commit is contained in:
Juliusz Sosinowicz
2026-02-25 19:43:47 +01:00
parent 4578e1390f
commit a795b19db2
3 changed files with 64 additions and 16 deletions
+58 -12
View File
@@ -19,7 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* This is a test program and should not be used as an example. */
/* Example OCSP responder used for interoperability and stapling testing.
* This code is for demonstration/testing only and is not hardened for
* secure or production use. Do not use this as a reference implementation
* for deploying an OCSP responder in production.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -515,15 +519,43 @@ static int ParseHttpRequest(const byte* httpReq, int httpReqSz,
}
if (contentLen) {
*bodySz = atoi(contentLen + 15);
/* Reject obviously invalid or unreasonably large Content-Length */
if (*bodySz < 0 || *bodySz > MAX_REQUEST_SIZE) {
LOG_ERROR("Invalid or too large Content-Length: %d\n", *bodySz);
*body = NULL;
*bodySz = 0;
return -1;
}
}
/* Find body (after \r\n\r\n) */
*body = (const byte*)XSTRSTR((char*)httpReq, "\r\n\r\n");
if (*body) {
int offset;
*body += 4;
offset = (int)(*body - httpReq);
/* Validate that the body pointer is within the received buffer */
if (offset < 0 || offset > httpReqSz) {
LOG_ERROR("Invalid HTTP body offset\n");
*body = NULL;
*bodySz = 0;
return -1;
}
/* Use Content-Length if available, otherwise use remaining data */
if (*bodySz == 0) {
*bodySz = httpReqSz - (int)(*body - httpReq);
*bodySz = httpReqSz - offset;
}
/* Ensure that the claimed body length fits in the received data */
if (offset + *bodySz > httpReqSz) {
LOG_ERROR("Incomplete HTTP body: expected %d bytes, have %d\n",
*bodySz, httpReqSz - offset);
*body = NULL;
*bodySz = 0;
return -1;
}
return 0;
}
@@ -554,17 +586,31 @@ static int SendHttpResponse(SOCKET_T clientfd, const byte* ocspResp, int ocspRes
"\r\n", ocspRespSz);
/* Send header */
sent = (int)send(clientfd, header, (size_t)headerLen, 0);
if (sent != headerLen) {
LOG_ERROR("Failed to send HTTP header\n");
return -1;
{
int totalSent = 0;
while (totalSent < headerLen) {
sent = (int)send(clientfd, header + totalSent,
(size_t)(headerLen - totalSent), 0);
if (sent <= 0) {
LOG_ERROR("Failed to send HTTP header\n");
return -1;
}
totalSent += sent;
}
}
/* Send body */
sent = (int)send(clientfd, (const char*)ocspResp, (size_t)ocspRespSz, 0);
if (sent != ocspRespSz) {
LOG_ERROR("Failed to send OCSP response\n");
return -1;
{
int totalSent = 0;
while (totalSent < ocspRespSz) {
sent = (int)send(clientfd, (const char*)ocspResp + totalSent,
(size_t)(ocspRespSz - totalSent), 0);
if (sent <= 0) {
LOG_ERROR("Failed to send OCSP response\n");
return -1;
}
totalSent += sent;
}
}
return 0;
@@ -815,9 +861,9 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
/* Write ready file if requested */
if (opts.readyFile != NULL) {
XFILE rf = XFOPEN(opts.readyFile, "w");
if (rf != NULL) {
if (rf != XBADFILE) {
fprintf(rf, "%d\n", (int)opts.port);
fclose(rf);
XFCLOSE(rf);
if (opts.verbose) {
LOG_MSG("Ready file created: %s\n", opts.readyFile);
}
+4 -4
View File
@@ -2260,7 +2260,7 @@ int wc_OcspResponder_AddSigner(OcspResponder* responder,
DecodedCert* decoded = NULL;
word32 keyOID = 0;
WOLFSSL_ENTER("wc_OcspResponder_AddResponder");
WOLFSSL_ENTER("wc_OcspResponder_AddSigner");
if (responder == NULL || signerDer == NULL || signerDerSz == 0 ||
keyDer == NULL || keyDerSz == 0)
@@ -2326,7 +2326,7 @@ int wc_OcspResponder_AddSigner(OcspResponder* responder,
if (ret != 0)
goto out;
if (XMEMCMP(issuer, decoded->subject, WC_ASN_NAME_MAX) != 0) {
if (XSTRNCMP(issuer, decoded->subject, WC_ASN_NAME_MAX) != 0) {
/* Issuer name in responder cert does not match subject of issuer cert */
ret = BAD_FUNC_ARG;
goto out;
@@ -2827,6 +2827,8 @@ out:
return ret;
}
#endif /* HAVE_OCSP_RESPONDER */
/* Helper functions for testing */
int wc_InitOcspRequest(OcspRequest* req, DecodedCert* cert,
byte useNonce, void* heap)
@@ -2840,8 +2842,6 @@ int wc_EncodeOcspRequest(OcspRequest* req, byte* output,
return EncodeOcspRequest(req, output, size);
}
#endif /* HAVE_OCSP_RESPONDER */
#else /* HAVE_OCSP */
+2
View File
@@ -41026,6 +41026,8 @@ int OcspResponseEncode(OcspResponse* resp, byte* out, word32* outSz,
ret = SizeASN_Items(ocspResponseASN, dataASN,
ocspResponseASN_Length, &sz);
}
if (ret == 0 && sz > (int)*outSz)
ret = BUFFER_E;
if (ret == 0) {
if (SetASN_Items(ocspResponseASN, dataASN,
ocspResponseASN_Length, out) != sz)