Fix buffer warnings in x509

Eric Blankenhorn
2025-10-10 15:33:53 -05:00
parent f713cdb5e0
commit e47be2163a
2 changed files with 35 additions and 2 deletions


@@ -1153,7 +1153,7 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
else {
PRAGMA_GCC_DIAG_PUSH
PRAGMA_GCC("GCC diagnostic ignored \"-Werror=duplicated-branches\"")
/* ignored warning here because the same return value
/* ignored warning here because the same return value
was intentional */
ret = WOLFSSL_FATAL_ERROR; /* also -1 */
PRAGMA_GCC_DIAG_POP


@@ -1474,6 +1474,12 @@ static WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data_internal(
#ifndef NO_BIO
#ifndef MAX_INDENT
#define MAX_INDENT 40
#endif
/* Return 0 on success and 1 on failure. Copies ext data to bio, using indent
* to pad the output. flag is ignored. */
int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
@@ -1488,6 +1494,9 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
int tmpLen = 0;
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
if ((out == NULL) || (ext == NULL)) {
WOLFSSL_MSG("NULL parameter error");
return rc;
@@ -6320,6 +6329,9 @@ static int X509PrintKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
"Decipher Only"
};
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
if (bio == NULL || x509 == NULL) {
ret = WOLFSSL_FAILURE;
}
@@ -6491,6 +6503,9 @@ static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
unsigned char serial[32];
int sz = sizeof(serial);
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
XMEMSET(serial, 0, sz);
if (wolfSSL_X509_get_serial_number(x509, serial, &sz) == WOLFSSL_SUCCESS) {
X509PrintSerial_ex(bio, serial, sz, 1, indent);
@@ -6583,6 +6598,9 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
int count, i;
char* buf = NULL;
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
count = wolfSSL_X509_get_ext_count(x509);
if (count <= 0)
return WOLFSSL_SUCCESS;
@@ -6996,6 +7014,9 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
int len;
int ret = WOLFSSL_SUCCESS;
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
if (bio == NULL || x509 == NULL)
return BAD_FUNC_ARG;
@@ -7083,6 +7104,9 @@ static int X509PrintVersion(WOLFSSL_BIO* bio, int version, int indent)
char scratch[MAX_WIDTH];
int scratchLen;
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "", "Version:");
if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH)) {
return WOLFSSL_FAILURE;
@@ -7116,6 +7140,9 @@ static int X509PrintReqAttributes(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
int scratchLen;
int i = 0;
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH,
"%*s%s", indent, "", "Attributes: \n"))
>= MAX_WIDTH)
@@ -8863,6 +8890,9 @@ static int X509RevokedPrintSerial(WOLFSSL_BIO* bio, RevokedCert* rev,
unsigned char serial[32];
int sz = sizeof(serial);
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
XMEMSET(serial, 0, sz);
if (wolfSSL_X509_REVOKED_get_serial_number(rev, serial, &sz)
== WOLFSSL_SUCCESS) {
@@ -8921,9 +8951,12 @@ static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
int indent)
{
char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */
char tmp[MAX_WIDTH];
int ret = 0;
if (indent < 0) indent = 0;
if (indent > MAX_INDENT) indent = MAX_INDENT;
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent, "",
"CRL extensions:") >= MAX_WIDTH) {
ret = WOLFSSL_FAILURE;
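Review bot: The XSNPRINTF result checks in X509PrintReqAttributes and X509CRLPrintExtensions still test only `>= MAX_WIDTH`, so a negative return is treated as success, whereas X509PrintVersion in the same file also rejects `scratchLen < 0`. Since the commit already touches these calls for buffer warnings, the checks could be aligned, e.g. `if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH))` once the result has been assigned. Both function bodies continue outside their hunks, so whether a negative length can reach a later BIO write is an assumption to confirm. Separately, the same two-line clamp is repeated in nine functions and MAX_INDENT can be overridden at build time; a small static helper and a compile-time check that MAX_INDENT stays below MAX_WIDTH would keep the bound in one place.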