In `quic_record_transfer()`, the unsigned subtraction
`qr->end - qr->start` could wrap around if `end < start`, and the
subsequent `len <= 0` check was ineffective on a `word32`. Move the
comparison before the subtraction so the function returns `0` safely.

In `GetEchConfig()`, `XSTRLEN(config->publicName)` was assigned to a
single byte, silently truncating names longer than 255 characters while
`XMEMCPY` still copied the full string. Add a 255-byte length
validation in both `wolfSSL_CTX_GenerateEchConfig()` and
`GetEchConfig()`, and cache the length in a local variable to avoid
redundant `XSTRLEN` calls.

The vtest/VTest2 GitHub repo was archived on 2026-02-18 and its main
branch Makefile now exits with "THIS REPOSITORY HAS MOVED". The
maintainers tagged the last buildable commit as `last`.

Patch build-vtest.sh for both haproxy versions in the matrix:
- v3.1.0 still references wlallemand/VTest (removed long ago)
- v3.2.0 references vtest/VTest2 main branch (now broken)

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>

- Fix missing cleanup on error in wc_XChaCha20Poly1305_crypt_oneshot:
change early return to goto out so ForceZero and free are called
- Fix memory leak in wc_DeCompressDynamic: free tmp buffer before
early return on avail_out size check failure
- Fix unconditional mutex unlock in PQC sign functions (falcon,
sphincs, dilithium): only call unlock when lock was acquired
- Remove dead oqssig NULL checks in falcon sign/verify that are
unreachable after the preceding SIG_TYPE_E assignment

DTLS13_FIXED_BITS_MASK used 0x111 (hex 273) instead of 0x7 (decimal 7,
binary 111). Per RFC 9147 Section 4, the top 3 bits of the unified
header flags byte must be 001. The incorrect hex value caused the mask
to only check bit 5 instead of bits 5, 6, and 7, allowing bytes with
bits 6 or 7 set to be misidentified as unified DTLS 1.3 headers.
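
The mask bug described above, as an added example (not wolfSSL's own code): it applies the old and new mask values to every possible first byte and counts how many each accepts as a unified header. The shift of 5 and every name below are assumptions chosen to match the commit's description of which bits were tested.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the constants are positioned with a shift of 5, consistent
 * with the commit's statement that the old mask only checked bit 5. */
#define FIXED_BITS_SHIFT 5
#define FIXED_BITS   (0x1   << FIXED_BITS_SHIFT)  /* expected pattern 001x xxxx */
#define MASK_BEFORE  (0x111 << FIXED_BITS_SHIFT)  /* 0x2220: only bit 5 lies in a byte */
#define MASK_AFTER   (0x7   << FIXED_BITS_SHIFT)  /* 0xE0: bits 5, 6 and 7 */

/* Returns 1 when the first byte is classified as a unified DTLS 1.3 header. */
static int is_unified_hdr(uint8_t first, unsigned mask)
{
    return (first & mask) == FIXED_BITS;
}

/* Counts how many of the 256 possible first bytes a given mask accepts. */
static int count_accepted(unsigned mask)
{
    int b, n = 0;
    for (b = 0; b <= 0xFF; b++)
        n += is_unified_hdr((uint8_t)b, mask);
    return n;
}

/* Counts bytes the old mask accepted although bits 7..5 are not 001. */
static int count_misidentified(void)
{
    int b, n = 0;
    for (b = 0; b <= 0xFF; b++)
        if (is_unified_hdr((uint8_t)b, MASK_BEFORE) &&
            !is_unified_hdr((uint8_t)b, MASK_AFTER))
            n++;
    return n;
}

int main(void)
{
    printf("accepted before fix: %d\n", count_accepted(MASK_BEFORE));
    printf("accepted after fix:  %d\n", count_accepted(MASK_AFTER));
    printf("misidentified:       %d\n", count_misidentified());
    return 0;
}
```
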

The while loop conditions in TLSX_TCA_Find were inverted, causing two
bugs: the loop short-circuited on type match alone without checking the
id content, and the XMEMCMP sense was reversed (continuing on match,
stopping on mismatch). This meant any TCA entry with a matching type
would be returned as a match regardless of whether the identifier
actually matched.

Restructure the loop to correctly require both type and id (size +
content) to match before returning an entry, and to match any entry
immediately for PRE_AGREED type.

Add test_TLSX_TCA_Find unit test exercising exact match, mismatched id,
and PRE_AGREED cases via memio handshake.

Latest version of clang with optimization turned right up will make the
pre-fetch functions return 0.
The pre-fetch functions are there to ensure tables are all in cache not
to calculate a value.

- ECH: add bounds check on hpkePubkeyLen against HPKE_Npk_MAX to
prevent heap buffer overflow from untrusted ECH config data
- Sniffer: fix reassembly memory limit check typo, MaxRecoveryMemory -1
should be MaxRecoveryMemory != -1
- Sniffer: add bounds check in IPv6 extension header parsing loop to
prevent OOB read when next_header never matches TCP or NO_NEXT_HEADER
- Sniffer: validate tlsFragOffset + rhSize against tlsFragSize before
XMEMCPY in both TLS handshake fragment reassembly paths
- Internal: use WC_SAFE_SUM_WORD32 in GrowAnOutputBuffer to prevent
integer overflow on allocation size, matching existing pattern in
GrowOutputBuffer