From 019b94f9c8119a58a7c8c9a7aefe43cdf6fe49ed Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@mega.nu>
Date: Thu, 9 Apr 2026 21:51:36 -0500
Subject: [PATCH 1/2] Fixes for F-2538, F-2539, and F-2540.

---
 kernel-src/wolfcrypt_glue.c | 10 +++++-----
 user-src/config.c           |  2 +-
 user-src/show.c             | 13 +++++++++----
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/kernel-src/wolfcrypt_glue.c b/kernel-src/wolfcrypt_glue.c
index 8af1d05..a3778e5 100644
--- a/kernel-src/wolfcrypt_glue.c
+++ b/kernel-src/wolfcrypt_glue.c
@@ -186,7 +186,7 @@ static __always_inline bool wc_AesGcm_crypt_sg_inplace(struct scatterlist *src,
     struct sg_mapping_iter miter;
     int miter_needs_stop = 0;
     unsigned int flags;
-    int sl;
+    ssize_t sl;
     Aes *aes = NULL;
     byte full_nonce[AES_IV_SIZE];
 
@@ -249,8 +249,8 @@ static __always_inline bool wc_AesGcm_crypt_sg_inplace(struct scatterlist *src,
     sg_miter_start(&miter, src, sg_nents(src), flags);
     miter_needs_stop = 1;
 
-    for (sl = src_len; sl > 0 && sg_miter_next(&miter); sl -= miter.length) {
-        size_t length = min_t(size_t, sl, miter.length);
+    for (sl = (ssize_t)src_len; sl > 0 && sg_miter_next(&miter); sl -= miter.length) {
+        size_t length = min_t(size_t, sl, (ssize_t)miter.length);
 
         if (isDecrypt)
             ret = wc_AesGcmDecryptUpdate(aes, miter.addr, miter.addr,
@@ -271,9 +271,9 @@ static __always_inline bool wc_AesGcm_crypt_sg_inplace(struct scatterlist *src,
      */
     if (sl <= -WC_AES_BLOCK_SIZE) {
         if (isDecrypt)
-            ret = wc_AesGcmDecryptFinal(aes, miter.addr + miter.length + sl, WC_AES_BLOCK_SIZE);
+            ret = wc_AesGcmDecryptFinal(aes, miter.addr + (ssize_t)miter.length + sl, WC_AES_BLOCK_SIZE);
         else
-            ret = wc_AesGcmEncryptFinal(aes, miter.addr + miter.length + sl, WC_AES_BLOCK_SIZE);
+            ret = wc_AesGcmEncryptFinal(aes, miter.addr + (ssize_t)miter.length + sl, WC_AES_BLOCK_SIZE);
         if (ret < 0) {
             WC_DEBUG_PR_CODEPOINT();
             goto out;
diff --git a/user-src/config.c b/user-src/config.c
index ab9e6b2..7d77753 100644
--- a/user-src/config.c
+++ b/user-src/config.c
@@ -287,7 +287,7 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value)
 			#ifdef EAI_NODATA
 				ret == EAI_NODATA ||
 			#endif
-				(retries == 0) || (retries == 1)) {
+				(retries == 0)) {
 			free(mutable);
 			fprintf(stderr, "%s: `%s'\n", ret == EAI_SYSTEM ? strerror(errno) : gai_strerror(ret), value);
 			return false;
diff --git a/user-src/show.c b/user-src/show.c
index 2398a73..b4247c2 100644
--- a/user-src/show.c
+++ b/user-src/show.c
@@ -181,15 +181,20 @@ static size_t pretty_time(char *buf, const size_t len, unsigned long long left)
 
 	if (years)
 		offset += snprintf(buf + offset, len - offset, "%s%llu " TERMINAL_FG_CYAN "year%s" TERMINAL_RESET, offset ? ", " : "", years, years == 1 ? "" : "s");
-	if (days)
+	if (days && (offset < len))
 		offset += snprintf(buf + offset, len - offset, "%s%llu " TERMINAL_FG_CYAN  "day%s" TERMINAL_RESET, offset ? ", " : "", days, days == 1 ? "" : "s");
-	if (hours)
+	if (hours && (offset < len))
 		offset += snprintf(buf + offset, len - offset, "%s%llu " TERMINAL_FG_CYAN  "hour%s" TERMINAL_RESET, offset ? ", " : "", hours, hours == 1 ? "" : "s");
-	if (minutes)
+	if (minutes && (offset < len))
 		offset += snprintf(buf + offset, len - offset, "%s%llu " TERMINAL_FG_CYAN "minute%s" TERMINAL_RESET, offset ? ", " : "", minutes, minutes == 1 ? "" : "s");
-	if (seconds)
+	if (seconds && (offset < len))
 		offset += snprintf(buf + offset, len - offset, "%s%llu " TERMINAL_FG_CYAN  "second%s" TERMINAL_RESET, offset ? ", " : "", seconds, seconds == 1 ? "" : "s");
 
+	if (offset >= len) {
+		buf[len-1] = '\0';
+		offset = len -1;
+	}
+
 	return offset;
 }
 

From 37057722a46ced3f47ed104c7b00c5a13216f4b5 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@mega.nu>
Date: Thu, 9 Apr 2026 22:03:34 -0500
Subject: [PATCH 2/2] bump version to 1.1.20260409.

---
 kernel-src/dkms.conf | 2 +-
 kernel-src/version.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel-src/dkms.conf b/kernel-src/dkms.conf
index 282c848..043fd3b 100644
--- a/kernel-src/dkms.conf
+++ b/kernel-src/dkms.conf
@@ -1,5 +1,5 @@
 PACKAGE_NAME="wolfguard"
-PACKAGE_VERSION="1.1.20260319"
+PACKAGE_VERSION="1.1.20260409"
 AUTOINSTALL=yes
 
 BUILT_MODULE_NAME="wolfguard"
diff --git a/kernel-src/version.h b/kernel-src/version.h
index db2ed12..3d467ab 100644
--- a/kernel-src/version.h
+++ b/kernel-src/version.h
@@ -1,3 +1,3 @@
 #ifndef WOLFGUARD_VERSION
-#define WOLFGUARD_VERSION "1.1.20260319"
+#define WOLFGUARD_VERSION "1.1.20260409"
 #endif