Add missing NULL checks in public API functions

Add NULL and bounds validation to public API entry points that
were missing basic argument checks. Fixes span ALPN, session cache,
X509, SRP, PrivateKey ID/Label, and OBJ_obj2txt.
Colton Willey
2026-04-13 19:05:41 -07:00
parent c36beba9b7
commit ae1da8af43
5 changed files with 48 additions and 11 deletions
+6 -3
@@ -14545,7 +14545,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
else if (a->type == WOLFSSL_GEN_DNS || a->type == WOLFSSL_GEN_EMAIL ||
a->type == WOLFSSL_GEN_URI) {
bufSz = (int)XSTRLEN((const char*)a->obj);
XMEMCPY(buf, a->obj, min((word32)bufSz, (word32)bufLen));
if (bufSz >= bufLen) {
bufSz = bufLen - 1;
}
XMEMCPY(buf, a->obj, (size_t)bufSz);
}
else if ((bufSz = wolfssl_obj2txt_numeric(buf, bufLen, a)) > 0) {
if ((desc = oid_translate_num_to_str(buf))) {
@@ -17498,7 +17501,7 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p,
unsigned int p_len)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos");
if (ctx == NULL)
if (ctx == NULL || p == NULL)
return BAD_FUNC_ARG;
if (ctx->alpn_cli_protos != NULL) {
XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL);
@@ -17552,7 +17555,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
WOLFSSL_ENTER("wolfSSL_set_alpn_protos");
if (ssl == NULL || p_len <= 1) {
if (ssl == NULL || p_len <= 1 || p == NULL) {
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
/* 0 on success in OpenSSL, non-0 on failure in OpenSSL
* the function reverses the return value convention.
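Review bot: In the first hunk (the WOLFSSL_GEN_DNS / WOLFSSL_GEN_EMAIL / WOLFSSL_GEN_URI branch) the new clamp `bufSz = bufLen - 1;` is only safe when bufLen is at least 1: with a bufLen of 0 it yields -1, and the `(size_t)bufSz` cast then hands XMEMCPY a very large length. The function's entry checks are outside the hunk, so this may already be excluded. If it is, a comment beside the clamp such as `/* bufLen >= 1 is enforced at function entry */` would make the dependency visible; if it is not, the branch needs to reject `bufLen <= 0` before the clamp. It is also worth confirming that the code after this if/else chain writes the terminator at `buf[bufSz]`, since the copy now deliberately leaves one byte free for it.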
+24 -4
@@ -4159,6 +4159,10 @@ int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Id");
if (ctx == NULL || id == NULL || sz < 0) {
return 0;
}
/* Dispose of old private key and allocate and copy in id. */
FreeDer(&ctx->privateKey);
if (AllocCopyDer(&ctx->privateKey, id, (word32)sz, PRIVATEKEY_TYPE,
@@ -4227,10 +4231,16 @@ int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
int devId)
{
int ret = 1;
word32 sz = (word32)XSTRLEN(label) + 1;
word32 sz;
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Label");
if (ctx == NULL || label == NULL) {
return 0;
}
sz = (word32)XSTRLEN(label) + 1;
/* Dispose of old private key and allocate and copy in label. */
FreeDer(&ctx->privateKey);
if (AllocCopyDer(&ctx->privateKey, (const byte*)label, (word32)sz,
@@ -4268,7 +4278,7 @@ int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Id");
if ((ctx == NULL) || (id == NULL)) {
if ((ctx == NULL) || (id == NULL) || (sz < 0)) {
ret = 0;
}
@@ -4561,6 +4571,10 @@ int wolfSSL_use_PrivateKey_Id(WOLFSSL* ssl, const unsigned char* id,
{
int ret = 1;
if (ssl == NULL || id == NULL || sz < 0) {
return 0;
}
/* Dispose of old private key if owned and allocate and copy in id. */
if (ssl->buffers.weOwnKey) {
FreeDer(&ssl->buffers.key);
@@ -4629,7 +4643,13 @@ int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id,
int wolfSSL_use_PrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
{
int ret = 1;
word32 sz = (word32)XSTRLEN(label) + 1;
word32 sz;
if (ssl == NULL || label == NULL) {
return 0;
}
sz = (word32)XSTRLEN(label) + 1;
/* Dispose of old private key if owned and allocate and copy in label. */
if (ssl->buffers.weOwnKey) {
@@ -4672,7 +4692,7 @@ int wolfSSL_use_AltPrivateKey_Id(WOLFSSL* ssl, const unsigned char* id, long sz,
{
int ret = 1;
if ((ssl == NULL) || (id == NULL)) {
if ((ssl == NULL) || (id == NULL) || (sz < 0)) {
ret = 0;
}
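Review bot: The added `sz < 0` checks stop negative lengths, but the value is still narrowed with `(word32)sz` when it is passed to AllocCopyDer (visible in the wolfSSL_CTX_use_PrivateKey_Id hunk). Assuming word32 is a 32-bit type, an oversized sz on a platform where `long` is wider would be silently truncated rather than rejected. An upper bound in the same condition would close that, for example `sz < 0 || (unsigned long)sz > 0xFFFFFFFFUL`, applied to the four Id variants touched here. The hunks also mix two failure styles, an early `return 0;` in the PrivateKey_Id functions and `ret = 0;` in the AltPrivateKey_Id ones. The function bodies continue outside the hunks, so whether both paths skip the same work cannot be checked from here.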
+14 -2
@@ -430,10 +430,16 @@ int wolfSSL_memsave_session_cache(void* mem, int sz)
{
int i;
cache_header_t cache_header;
SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
SessionRow* row;
WOLFSSL_ENTER("wolfSSL_memsave_session_cache");
if (mem == NULL) {
return BAD_FUNC_ARG;
}
row = (SessionRow*)((byte*)mem + sizeof(cache_header));
if (sz < wolfSSL_get_session_cache_memsize()) {
WOLFSSL_MSG("Memory buffer too small");
return BUFFER_E;
@@ -520,10 +526,16 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz)
{
int i;
cache_header_t cache_header;
SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
SessionRow* row;
WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");
if (mem == NULL) {
return BAD_FUNC_ARG;
}
row = (SessionRow*)((byte*)mem + sizeof(cache_header));
if (sz < wolfSSL_get_session_cache_memsize()) {
WOLFSSL_MSG("Memory buffer too small");
return BUFFER_E;
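Review bot: In both wolfSSL_memsave_session_cache and wolfSSL_memrestore_session_cache the `row` pointer is still formed before the `sz < wolfSSL_get_session_cache_memsize()` check, so for a buffer smaller than the header the expression `(byte*)mem + sizeof(cache_header)` already points beyond the caller's object. Nothing visible dereferences it before the size check, but moving `row = (SessionRow*)((byte*)mem + sizeof(cache_header));` below the `return BUFFER_E;` block keeps the pointer arithmetic inside a buffer already known to be large enough. Both function bodies continue past the end of their hunks.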
+2 -2
@@ -3277,8 +3277,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf,
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_nconf");
if (value == NULL) {
WOLFSSL_MSG("value NULL parameter");
if (value == NULL || sName == NULL) {
WOLFSSL_MSG("NULL parameter");
return NULL;
}
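Review bot: The log text became less specific: `WOLFSSL_MSG("NULL parameter");` no longer says which of the two checked arguments was missing, where the old message named `value`. Something like `WOLFSSL_MSG("value or sName NULL parameter");` keeps the debug output useful when tracing a rejected call. The rest of wolfSSL_X509V3_EXT_nconf is outside the hunk.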
+2
@@ -378,6 +378,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
if (srp->salt) {
ForceZero(srp->salt, srp->saltSz);
XFREE(srp->salt, srp->heap, DYNAMIC_TYPE_SRP);
srp->salt = NULL;
srp->saltSz = 0;
}
srp->salt = (byte*)XMALLOC(saltSz, srp->heap, DYNAMIC_TYPE_SRP);