wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

src/internal.c:

Browse Source 
in DtlsMsgNew(), iff WOLFSSL_ASYNC_CRYPT, allow sz==0 allocation, to fix infinite loop in ProcessReplyEx() around DoDtlsHandShakeMsg();

in DtlsMsgAssembleCompleteMessage() restore fix from 0603031362 for pointerOutOfBounds (undefined behavior) construct;

in ProcessReplyEx(), in WOLFSSL_DTLS13 case ack, check and propagate error from DoDtls13Ack() (fix from @guidovranken).
This commit is contained in:
Daniel Pouzzner
2022-09-17 13:02:51 -05:00
parent 0fc80f5f85
commit ac0d7f4d84
1 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/internal.c
View File

@ -8152,10 +8152,12 @@ DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap)
DtlsMsg* msg; DtlsMsg* msg;
WOLFSSL_ENTER("DtlsMsgNew()"); WOLFSSL_ENTER("DtlsMsgNew()");
#ifndef WOLFSSL_ASYNC_CRYPT
if (sz == 0) { if (sz == 0) {
WOLFSSL_MSG("DtlsMsgNew: sz == 0 not allowed"); WOLFSSL_MSG("DtlsMsgNew: sz == 0 not allowed");
return NULL; return NULL;
} }
#endif
(void)heap; (void)heap;
msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
@ -8386,8 +8388,18 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg)
/* frag->padding makes sure we can fit the entire DTLS handshake header /* frag->padding makes sure we can fit the entire DTLS handshake header
* before frag->buf */ * before frag->buf */
dtls = (DtlsHandShakeHeader*)(msg->fragBucketList->buf -
DTLS_HANDSHAKE_HEADER_SZ); /* note the dtls pointer needs to be computed from msg->fragBucketList, not
* from msg->fragBucketList->buf, to avoid a pointerOutOfBounds access
* detected by cppcheck.
*
* also note, the (void *) intermediate cast is necessary to avoid a
* potential -Wcast-align around alignment of DtlsHandShakeHeader exceeding
* alignment of char.
*/
dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList
+ OFFSETOF(DtlsFragBucket,buf)
- DTLS_HANDSHAKE_HEADER_SZ);
msg->fragBucketList = NULL; msg->fragBucketList = NULL;
msg->fragBucketListCount = 0; msg->fragBucketListCount = 0;
@ -19839,6 +19851,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
ssl->keys.padSz, &processedSize); ssl->keys.padSz, &processedSize);
ssl->buffers.inputBuffer.idx += processedSize; ssl->buffers.inputBuffer.idx += processedSize;
ssl->buffers.inputBuffer.idx += ssl->keys.padSz; ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
if (ret != 0)
return ret;
break; break;
} }
FALL_THROUGH; FALL_THROUGH;
@ -20694,7 +20708,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
if (sizeOnly) if (sizeOnly)
goto exit_buildmsg; goto exit_buildmsg;
{ {
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
/* If we want the PREV_ORDER then modify CUR_ORDER sequence number /* If we want the PREV_ORDER then modify CUR_ORDER sequence number
* for all encryption algos that use it for encryption parameters */ * for all encryption algos that use it for encryption parameters */
@ -20735,7 +20749,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo; ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo;
} }
#endif #endif
} }
if (ret != 0) if (ret != 0)
goto exit_buildmsg; goto exit_buildmsg;