Implement copilot suggestions
@@ -19,7 +19,11 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* This is a test program and should not be used as an example. */
|
||||
/* Example OCSP responder used for interoperability and stapling testing.
|
||||
* This code is for demonstration/testing only and is not hardened for
|
||||
* secure or production use. Do not use this as a reference implementation
|
||||
* for deploying an OCSP responder in production.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
@@ -515,15 +519,43 @@ static int ParseHttpRequest(const byte* httpReq, int httpReqSz,
|
||||
}
|
||||
if (contentLen) {
|
||||
*bodySz = atoi(contentLen + 15);
|
||||
/* Reject obviously invalid or unreasonably large Content-Length */
|
||||
if (*bodySz < 0 || *bodySz > MAX_REQUEST_SIZE) {
|
||||
LOG_ERROR("Invalid or too large Content-Length: %d\n", *bodySz);
|
||||
*body = NULL;
|
||||
*bodySz = 0;
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Find body (after \r\n\r\n) */
|
||||
*body = (const byte*)XSTRSTR((char*)httpReq, "\r\n\r\n");
|
||||
if (*body) {
|
||||
int offset;
|
||||
|
||||
*body += 4;
|
||||
offset = (int)(*body - httpReq);
|
||||
|
||||
/* Validate that the body pointer is within the received buffer */
|
||||
if (offset < 0 || offset > httpReqSz) {
|
||||
LOG_ERROR("Invalid HTTP body offset\n");
|
||||
*body = NULL;
|
||||
*bodySz = 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Use Content-Length if available, otherwise use remaining data */
|
||||
if (*bodySz == 0) {
|
||||
*bodySz = httpReqSz - (int)(*body - httpReq);
|
||||
*bodySz = httpReqSz - offset;
|
||||
}
|
||||
|
||||
/* Ensure that the claimed body length fits in the received data */
|
||||
if (offset + *bodySz > httpReqSz) {
|
||||
LOG_ERROR("Incomplete HTTP body: expected %d bytes, have %d\n",
|
||||
*bodySz, httpReqSz - offset);
|
||||
*body = NULL;
|
||||
*bodySz = 0;
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -554,17 +586,31 @@ static int SendHttpResponse(SOCKET_T clientfd, const byte* ocspResp, int ocspRes
|
||||
"\r\n", ocspRespSz);
|
||||
|
||||
/* Send header */
|
||||
sent = (int)send(clientfd, header, (size_t)headerLen, 0);
|
||||
if (sent != headerLen) {
|
||||
LOG_ERROR("Failed to send HTTP header\n");
|
||||
return -1;
|
||||
{
|
||||
int totalSent = 0;
|
||||
while (totalSent < headerLen) {
|
||||
sent = (int)send(clientfd, header + totalSent,
|
||||
(size_t)(headerLen - totalSent), 0);
|
||||
if (sent <= 0) {
|
||||
LOG_ERROR("Failed to send HTTP header\n");
|
||||
return -1;
|
||||
}
|
||||
totalSent += sent;
|
||||
}
|
||||
}
|
||||
|
||||
/* Send body */
|
||||
sent = (int)send(clientfd, (const char*)ocspResp, (size_t)ocspRespSz, 0);
|
||||
if (sent != ocspRespSz) {
|
||||
LOG_ERROR("Failed to send OCSP response\n");
|
||||
return -1;
|
||||
{
|
||||
int totalSent = 0;
|
||||
while (totalSent < ocspRespSz) {
|
||||
sent = (int)send(clientfd, (const char*)ocspResp + totalSent,
|
||||
(size_t)(ocspRespSz - totalSent), 0);
|
||||
if (sent <= 0) {
|
||||
LOG_ERROR("Failed to send OCSP response\n");
|
||||
return -1;
|
||||
}
|
||||
totalSent += sent;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -815,9 +861,9 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
|
||||
/* Write ready file if requested */
|
||||
if (opts.readyFile != NULL) {
|
||||
XFILE rf = XFOPEN(opts.readyFile, "w");
|
||||
if (rf != NULL) {
|
||||
if (rf != XBADFILE) {
|
||||
fprintf(rf, "%d\n", (int)opts.port);
|
||||
fclose(rf);
|
||||
XFCLOSE(rf);
|
||||
if (opts.verbose) {
|
||||
LOG_MSG("Ready file created: %s\n", opts.readyFile);
|
||||
}
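Review bot: In ParseHttpRequest the new Content-Length range check runs on the result of `atoi(contentLen + 15)`, which reports no errors and has undefined behaviour when the digits overflow `int`, so the `*bodySz < 0 || *bodySz > MAX_REQUEST_SIZE` test cannot be relied on for malformed header values. A non-numeric value also yields 0 and silently falls into the "use remaining data" branch. Parsing with `errno = 0; v = strtol(contentLen + 15, &end, 10);` and rejecting `end == contentLen + 15 || errno == ERANGE || v < 0 || v > MAX_REQUEST_SIZE` before assigning `*bodySz` closes both cases. Separately, the `offset > httpReqSz` check comes after `XSTRSTR` has already scanned `httpReq`, so it only helps if the caller NUL-terminates the buffer, which is not visible in this hunk; a one-line comment stating that precondition would help. The function starts above the hunk.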
|
||||
|
||||
+4
-4
@@ -2260,7 +2260,7 @@ int wc_OcspResponder_AddSigner(OcspResponder* responder,
|
||||
DecodedCert* decoded = NULL;
|
||||
word32 keyOID = 0;
|
||||
|
||||
WOLFSSL_ENTER("wc_OcspResponder_AddResponder");
|
||||
WOLFSSL_ENTER("wc_OcspResponder_AddSigner");
|
||||
|
||||
if (responder == NULL || signerDer == NULL || signerDerSz == 0 ||
|
||||
keyDer == NULL || keyDerSz == 0)
|
||||
@@ -2326,7 +2326,7 @@ int wc_OcspResponder_AddSigner(OcspResponder* responder,
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
|
||||
if (XMEMCMP(issuer, decoded->subject, WC_ASN_NAME_MAX) != 0) {
|
||||
if (XSTRNCMP(issuer, decoded->subject, WC_ASN_NAME_MAX) != 0) {
|
||||
/* Issuer name in responder cert does not match subject of issuer cert */
|
||||
ret = BAD_FUNC_ARG;
|
||||
goto out;
|
||||
@@ -2827,6 +2827,8 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* HAVE_OCSP_RESPONDER */
|
||||
|
||||
/* Helper functions for testing */
|
||||
int wc_InitOcspRequest(OcspRequest* req, DecodedCert* cert,
|
||||
byte useNonce, void* heap)
|
||||
@@ -2840,8 +2842,6 @@ int wc_EncodeOcspRequest(OcspRequest* req, byte* output,
|
||||
return EncodeOcspRequest(req, output, size);
|
||||
}
|
||||
|
||||
#endif /* HAVE_OCSP_RESPONDER */
|
||||
|
||||
#else /* HAVE_OCSP */
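Review bot: In wc_OcspResponder_AddSigner, switching the issuer check to `XSTRNCMP(issuer, decoded->subject, WC_ASN_NAME_MAX)` makes the comparison stop at the first NUL byte, so the two names are treated as equal whenever their leading C-string portions match. That avoids comparing unused tail bytes of the fixed-size buffers, but it assumes both buffers hold NUL-terminated formatted names, which this hunk does not show, and it is a weaker binding than comparing the hashed DER names or verifying the responder certificate's signature with the issuer key. If signature verification happens elsewhere in the function (its body extends beyond the hunk), a comment such as `/* Name match is a sanity check only; trust comes from signature verification */` would record that; if it does not, the name match alone should not be what authorizes a signer.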
|
||||
|
||||
|
||||
|
||||
@@ -41026,6 +41026,8 @@ int OcspResponseEncode(OcspResponse* resp, byte* out, word32* outSz,
|
||||
ret = SizeASN_Items(ocspResponseASN, dataASN,
|
||||
ocspResponseASN_Length, &sz);
|
||||
}
|
||||
if (ret == 0 && sz > (int)*outSz)
|
||||
ret = BUFFER_E;
|
||||
if (ret == 0) {
|
||||
if (SetASN_Items(ocspResponseASN, dataASN,
|
||||
ocspResponseASN_Length, out) != sz)
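Review bot: The new bound check in OcspResponseEncode, `sz > (int)*outSz`, narrows the caller's `word32` capacity to `int`, so a capacity above INT_MAX converts to a negative value on typical platforms and the check returns BUFFER_E for a buffer that is large enough. Comparing in the unsigned domain avoids that, for example `if (ret == 0 && (sz < 0 || (word32)sz > *outSz))`. The check also dereferences `outSz`, and the following `SetASN_Items` call writes to `out`, with no NULL test visible here; the function begins and ends outside the hunk, so confirm both are validated earlier.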
|
||||
|
||||