diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index d038e9058..597434d6a 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -1153,7 +1153,7 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
 else {
 PRAGMA_GCC_DIAG_PUSH
 PRAGMA_GCC("GCC diagnostic ignored \"-Werror=duplicated-branches\"")
- /* ignored warning here because the same return value
+ /* ignored warning here because the same return value
 was intentional */
 ret = WOLFSSL_FATAL_ERROR; /* also -1 */
 PRAGMA_GCC_DIAG_POP
diff --git a/src/x509.c b/src/x509.c
index 74efb78c3..03d2c6d58 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -1474,6 +1474,12 @@ static WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data_internal(
 #ifndef NO_BIO
+
+#ifndef MAX_INDENT
+ #define MAX_INDENT 40
+#endif
+
+
 /* Return 0 on success and 1 on failure. Copies ext data to bio, using indent
 * to pad the output. flag is ignored. */
 int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
@@ -1488,6 +1494,9 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
 int tmpLen = 0;
 WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 if ((out == NULL) || (ext == NULL)) {
 WOLFSSL_MSG("NULL parameter error");
 return rc;
@@ -6320,6 +6329,9 @@ static int X509PrintKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
 "Decipher Only"
 };
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 if (bio == NULL || x509 == NULL) {
 ret = WOLFSSL_FAILURE;
 }
@@ -6491,6 +6503,9 @@ static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
 unsigned char serial[32];
 int sz = sizeof(serial);
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 XMEMSET(serial, 0, sz);
 if (wolfSSL_X509_get_serial_number(x509, serial, &sz) == WOLFSSL_SUCCESS) {
 X509PrintSerial_ex(bio, serial, sz, 1, indent);
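Review bot: `MAX_INDENT` in the `@@ -1474` hunk of src/x509.c is added without a comment and can be overridden by the build, yet nothing ties it to `MAX_WIDTH`, the size of the scratch buffers that the clamped `indent` is later formatted into with `"%*s%s"`. X509PrintVersion and X509CRLPrintExtensions treat a result `>= MAX_WIDTH` as failure, so an override at or above `MAX_WIDTH` would make those prints fail rather than overflow. I would add a comment such as `/* Upper bound for a caller-supplied indent used as a "%*s" width; must stay below MAX_WIDTH. */` and, if `MAX_WIDTH` is already defined at this point (not visible here), a guard of the form `#if MAX_INDENT >= MAX_WIDTH` / `#error "MAX_INDENT must be smaller than MAX_WIDTH"` / `#endif`.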
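Review bot: The two brace-less one-line `if`s that clamp `indent` in wolfSSL_X509V3_EXT_print (hunk `@@ -1488`) are repeated verbatim in eight more functions in this file (X509PrintKeyUsage, X509PrintSerial, X509PrintExtensions, X509PrintPubKey, X509PrintVersion, X509PrintReqAttributes, X509RevokedPrintSerial, X509CRLPrintExtensions), so a printer added later can easily miss the bound. A single static helper (the name below is only a suggestion) keeps the limit in one place and reduces each call site to one line. Because the clamp changes what a public API does with its `indent` argument, the comment above wolfSSL_X509V3_EXT_print should also say that indent is limited to 0..MAX_INDENT. The function body continues outside the hunk.

```c
/* Limit a caller-supplied indent to 0..MAX_INDENT before it is used as a
 * "%*s" field width. */
static int X509ClampIndent(int indent)
{
    if (indent < 0) {
        return 0;
    }
    if (indent > MAX_INDENT) {
        return MAX_INDENT;
    }
    return indent;
}

/* ... unchanged: wolfSSL_X509V3_EXT_print signature and locals ... */
    WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
    indent = X509ClampIndent(indent);
```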
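Review bot: In X509PrintSerial (hunk `@@ -6491`) the clamp guards only this wrapper, while `indent` is then handed on in `X509PrintSerial_ex(bio, serial, sz, 1, indent)`, which presumably does the actual formatting. Its body is not visible here; if it has callers other than the functions patched in this commit, they still pass an unclamped value, so applying the clamp at the top of X509PrintSerial_ex would cover every path with one check. X509RevokedPrintSerial (hunk `@@ -8863`) looks like the same situation, though its call is outside the lines shown.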
@@ -6583,6 +6598,9 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
 int count, i;
 char* buf = NULL;
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 count = wolfSSL_X509_get_ext_count(x509);
 if (count <= 0) return WOLFSSL_SUCCESS;
@@ -6996,6 +7014,9 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
 int len;
 int ret = WOLFSSL_SUCCESS;
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 if (bio == NULL || x509 == NULL) return BAD_FUNC_ARG;
@@ -7083,6 +7104,9 @@ static int X509PrintVersion(WOLFSSL_BIO* bio, int version, int indent)
 char scratch[MAX_WIDTH];
 int scratchLen;
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "", "Version:");
 if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH)) {
 return WOLFSSL_FAILURE;
@@ -7116,6 +7140,9 @@ static int X509PrintReqAttributes(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
 int scratchLen;
 int i = 0;
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "", "Attributes: \n")) >= MAX_WIDTH)
@@ -8863,6 +8890,9 @@ static int X509RevokedPrintSerial(WOLFSSL_BIO* bio, RevokedCert* rev,
 unsigned char serial[32];
 int sz = sizeof(serial);
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 XMEMSET(serial, 0, sz);
 if (wolfSSL_X509_REVOKED_get_serial_number(rev, serial, &sz) == WOLFSSL_SUCCESS) {
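Review bot: In X509PrintReqAttributes (hunk `@@ -7116`) the XSNPRINTF result is only compared with `>= MAX_WIDTH`, so a negative return is treated as success, whereas X509PrintVersion in the hunk just above also rejects `scratchLen < 0`. Since this commit hardens exactly these format calls, I would assign `scratchLen` on its own line and test `if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH))`. X509CRLPrintExtensions (hunk `@@ -8921`) has the same one-sided comparison for its `tmp` buffer. The `if` statement and the function body continue outside the hunk.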
@@ -8921,9 +8951,12 @@ static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
 static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
 int indent)
 {
- char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */
+ char tmp[MAX_WIDTH];
 int ret = 0;
+ if (indent < 0) indent = 0;
+ if (indent > MAX_INDENT) indent = MAX_INDENT;
+
 if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent, "", "CRL extensions:") >= MAX_WIDTH) {
 ret = WOLFSSL_FAILURE;
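Review bot: The `/* buffer for XSNPRINTF */` comment on `char tmp[MAX_WIDTH];` in X509CRLPrintExtensions is deleted by this hunk although it has nothing to do with the indent clamp. I would keep the line as `char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */` so the security fix stays minimal and easy to audit. The function body continues outside the hunk.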