correct config, KV, protocol, and utility logic

JeremiahM37 · JeremiahM37 · commit b0cb0f32a9ec · 2026-04-13T17:41:33.000Z
diff --git a/src/json/centijson_value.c b/src/json/centijson_value.c
@@ -1968,6 +1968,7 @@ json_value_clone(WOLFSENTRY_CONTEXT_ARGS_IN_EX(struct wolfsentry_allocator *allo
                 if (ret2 < 0)
                     WOLFSENTRY_WARN("json_value_fini: %s\n", json_error_str(ret2));
             }
+            break;
         }
     }
 
diff --git a/src/json/load_config.c b/src/json/load_config.c
@@ -26,6 +26,7 @@
 #define WOLFSENTRY_SOURCE_ID WOLFSENTRY_SOURCE_ID_JSON_LOAD_CONFIG_C
 
 #include <stdlib.h>
+#include <limits.h>
 
 #define MAX_IPV4_ADDR_BITS (sizeof(struct in_addr) * BITS_PER_BYTE)
 #define MAX_IPV6_ADDR_BITS (sizeof(struct in6_addr) * BITS_PER_BYTE)
@@ -384,12 +385,18 @@ static wolfsentry_errcode_t convert_wolfsentry_duration(struct wolfsentry_contex
 
     switch (*endptr) {
     case 'd':
+        if (conv > LONG_MAX / 24 || conv < LONG_MIN / 24)
+            WOLFSENTRY_ERROR_RETURN(CONFIG_INVALID_VALUE);
         conv *= 24;
         /* fallthrough */
     case 'h':
+        if (conv > LONG_MAX / 60 || conv < LONG_MIN / 60)
+            WOLFSENTRY_ERROR_RETURN(CONFIG_INVALID_VALUE);
         conv *= 60;
         /* fallthrough */
     case 'm':
+        if (conv > LONG_MAX / 60 || conv < LONG_MIN / 60)
+            WOLFSENTRY_ERROR_RETURN(CONFIG_INVALID_VALUE);
         conv *= 60;
         /* fallthrough */
     case 's':
@@ -1968,7 +1975,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_fini(
         struct wolfsentry_route_table *old_route_table, *new_route_table;
         if ((ret = wolfsentry_route_get_main_table(JPSP_WOLFSENTRY_ACTUAL_CONTEXT_ARGS_OUT, &old_route_table)) < 0)
             goto out;
-        if ((ret = wolfsentry_route_get_main_table(JPSP_WOLFSENTRY_ACTUAL_CONTEXT_ARGS_OUT, &new_route_table)) < 0)
+        if ((ret = wolfsentry_route_get_main_table(JPSP_WOLFSENTRY_CONTEXT_ARGS_OUT, &new_route_table)) < 0)
             goto out;
         if (wolfsentry_table_n_deletes((struct wolfsentry_table_header *)new_route_table)
             != wolfsentry_table_n_deletes((struct wolfsentry_table_header *)old_route_table))
diff --git a/src/kv.c b/src/kv.c
@@ -1054,7 +1054,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_user_value_get_json(
     struct wolfsentry_kv_pair_internal **user_value_record)
 {
     wolfsentry_errcode_t ret;
-    if ((ret = wolfsentry_kv_get_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, wolfsentry->user_values, key, key_len, WOLFSENTRY_KV_STRING, user_value_record)) < 0)
+    if ((ret = wolfsentry_kv_get_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, wolfsentry->user_values, key, key_len, WOLFSENTRY_KV_JSON, user_value_record)) < 0)
         WOLFSENTRY_ERROR_RERETURN(ret);
     *value = WOLFSENTRY_KV_V_JSON(&(*user_value_record)->kv);
     WOLFSENTRY_RETURN_OK;
diff --git a/src/lwip/packet_filter_glue.c b/src/lwip/packet_filter_glue.c
@@ -1098,10 +1098,10 @@ static err_t icmp6_filter_with_wolfsentry(
     else
         memset(&local.local.addr, 0, sizeof *laddr);
 
-    remote.remote.sa_proto = IPPROTO_ICMP;
+    remote.remote.sa_proto = IPPROTO_ICMPV6;
     remote.remote.sa_port = 0;
 
-    local.local.sa_proto = IPPROTO_ICMP;
+    local.local.sa_proto = IPPROTO_ICMPV6;
     local.local.sa_port = icmp6_type;
 
     if (event->netif)
diff --git a/src/wolfsentry_util.c b/src/wolfsentry_util.c
@@ -232,7 +232,7 @@ WOLFSENTRY_API const char *wolfsentry_errcode_error_string(wolfsentry_errcode_t
             return "unknown user defined error code";
     } else if (i >= WOLFSENTRY_SUCCESS_ID_USER_BASE) {
         if (user_defined_successes[i - WOLFSENTRY_SUCCESS_ID_USER_BASE])
-            return user_defined_errors[i - WOLFSENTRY_SUCCESS_ID_USER_BASE];
+            return user_defined_successes[i - WOLFSENTRY_SUCCESS_ID_USER_BASE];
         else
             return "unknown user defined success code";
     } else if (i >= 0)
@@ -634,7 +634,7 @@ static void *wolfsentry_builtin_malloc(
     WOLFSENTRY_CONTEXT_ARGS_THREAD_NOT_USED;
 #ifdef WOLFSENTRY_MALLOC_DEBUG
     {
-        ret = malloc(size);
+        void *ret = malloc(size);
         if (ret != NULL)
             WOLFSENTRY_ATOMIC_INCREMENT(n_mallocs, 1);
         WOLFSENTRY_RETURN_VALUE(ret);
@@ -989,9 +989,9 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_get_deadline_rel(WOLFSENTRY_CONTE
                 WOLFSENTRY_SUCCESS_RETURN(EXPIRED);
         } else {
             if (now >= deadline)
-                WOLFSENTRY_RETURN_OK;
-            else
                 WOLFSENTRY_SUCCESS_RETURN(EXPIRED);
+            else
+                WOLFSENTRY_RETURN_OK;
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1968,6 +1968,7 @@ json_value_clone(WOLFSENTRY_CONTEXT_ARGS_IN_EX(struct wolfsentry_allocator *allo`
`1968`	`1968`	`if (ret2 < 0)`
`1969`	`1969`	`WOLFSENTRY_WARN("json_value_fini: %s\n", json_error_str(ret2));`
`1970`	`1970`	`}`
	`1971`	`+ break;`
`1971`	`1972`	`}`
`1972`	`1973`	`}`
`1973`	`1974`
Original file line number	Diff line number	Diff line change
`@@ -1054,7 +1054,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_user_value_get_json(`
`1054`	`1054`	`struct wolfsentry_kv_pair_internal **user_value_record)`
`1055`	`1055`	`{`
`1056`	`1056`	`wolfsentry_errcode_t ret;`
`1057`		`- if ((ret = wolfsentry_kv_get_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, wolfsentry->user_values, key, key_len, WOLFSENTRY_KV_STRING, user_value_record)) < 0)`
	`1057`	`+ if ((ret = wolfsentry_kv_get_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, wolfsentry->user_values, key, key_len, WOLFSENTRY_KV_JSON, user_value_record)) < 0)`
`1058`	`1058`	`WOLFSENTRY_ERROR_RERETURN(ret);`
`1059`	`1059`	`value = WOLFSENTRY_KV_V_JSON(&(user_value_record)->kv);`
`1060`	`1060`	`WOLFSENTRY_RETURN_OK;`