Skip to content

Commit acd857f

Browse files
JacobBarthelmehJacobBarthelmeh
authored
Merge pull request #462 from ejohnstown/fuzz-fix
Fuzzing and Scan Build Fixes
2 parents 8399f78 + 24c5ffd commit acd857f

1 file changed

Lines changed: 29 additions & 36 deletions

File tree

src/internal.c

Lines changed: 29 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -3301,58 +3301,50 @@ static int ParseAndVerifyCert(WOLFSSH* ssh, byte* in, word32 inSz,
33013301
int ret;
33023302
word32 l = 0, m = 0;
33033303
word32 ocspCount = 0;
3304-
byte* ocspBuf = NULL;
3305-
word32 ocspBufSz = 0;
33063304
word32 certCount = 0;
3307-
byte* certPt = NULL;
3305+
byte* certChain = NULL;
33083306
word32 certChainSz = 0;
33093307

33103308
/* Skip the name */
33113309
ret = GetSize(&l, in, inSz, &m);
33123310
m += l;
33133311

3314-
/* Get the cert count */
3315-
ret = GetUint32(&certCount, in, inSz, &m);
33163312
if (ret == WS_SUCCESS) {
3317-
WLOG(WS_LOG_INFO, "Peer sent certificate count of %d", certCount);
3313+
/* Get the cert count */
3314+
ret = GetUint32(&certCount, in, inSz, &m);
33183315
}
33193316

33203317
if (ret == WS_SUCCESS) {
33213318
word32 count;
33223319

3323-
certPt = in + m;
3324-
m = 0;
3320+
WLOG(WS_LOG_INFO, "Peer sent certificate count of %u", certCount);
3321+
certChain = in + m;
3322+
33253323
for (count = certCount; count > 0; count--) {
33263324
word32 certSz = 0;
33273325

3328-
ret = GetSize(&certSz, certPt, inSz, &m);
3329-
WLOG(WS_LOG_INFO, "Adding certificate size %d", certSz);
3326+
ret = GetSize(&certSz, in, inSz, &m);
33303327
if (ret != WS_SUCCESS) {
33313328
break;
33323329
}
3330+
WLOG(WS_LOG_INFO, "Adding certificate size %u", certSz);
33333331

33343332
/* store leaf cert size to present to user callback */
33353333
if (count == certCount && leafOut != NULL) {
33363334
*leafOutSz = certSz;
3337-
*leafOut = certPt + m;
3335+
*leafOut = in + m;
33383336
}
33393337
certChainSz += certSz + UINT32_SZ;
33403338
m += certSz;
33413339
}
33423340

3343-
if (ret == WS_SUCCESS) {
3344-
ocspBuf = certPt + m;
3345-
ocspBufSz = inSz - certChainSz;
3346-
}
3347-
33483341
/* get OCSP count */
33493342
if (ret == WS_SUCCESS) {
3350-
m = 0;
3351-
ret = GetUint32(&ocspCount, ocspBuf, ocspBufSz, &m);
3343+
ret = GetUint32(&ocspCount, in, inSz, &m);
33523344
}
33533345

33543346
if (ret == WS_SUCCESS) {
3355-
WLOG(WS_LOG_INFO, "Peer sent OCSP count of %d", ocspCount);
3347+
WLOG(WS_LOG_INFO, "Peer sent OCSP count of %u", ocspCount);
33563348

33573349
/* RFC 6187 section 2.1 OCSP count must not exceed cert count */
33583350
if (ocspCount > certCount) {
@@ -3365,15 +3357,14 @@ static int ParseAndVerifyCert(WOLFSSH* ssh, byte* in, word32 inSz,
33653357
/* @TODO handle OCSP's */
33663358
if (ocspCount > 0) {
33673359
WLOG(WS_LOG_INFO, "Peer sent OCSP's, not yet handled");
3368-
ret = GetSize(&l, ocspBuf, ocspBufSz, &m);
33693360
}
33703361
}
33713362
}
33723363

33733364
/* verify the certificate chain */
33743365
if (ret == WS_SUCCESS) {
33753366
ret = wolfSSH_CERTMAN_VerifyCerts_buffer(ssh->ctx->certMan,
3376-
certPt, certChainSz, certCount);
3367+
certChain, certChainSz, certCount);
33773368
}
33783369

33793370
return ret;
@@ -9060,7 +9051,9 @@ int SendKexDhReply(WOLFSSH* ssh)
90609051
break;
90619052
#endif
90629053
}
9054+
}
90639055

9056+
if (ret == WS_SUCCESS) {
90649057
/* Copy the server's public key. F for DE, or Q_S for ECDH. */
90659058
c32toa(fSz + fPad, output + idx);
90669059
idx += LENGTH_SZ;
@@ -10158,22 +10151,22 @@ static int BuildUserAuthRequestRsaCert(WOLFSSH* ssh,
1015810151
WMEMCPY(checkData + i, sigStart, begin - sigStartIdx);
1015910152
}
1016010153

10161-
#ifdef WOLFSSH_AGENT
10162-
if (ssh->agentEnabled) {
10163-
if (ret == WS_SUCCESS)
10164-
ret = wolfSSH_AGENT_SignRequest(ssh, checkData, checkDataSz,
10165-
output + begin + LENGTH_SZ, &keySig->sigSz,
10166-
authData->sf.publicKey.publicKey,
10167-
authData->sf.publicKey.publicKeySz, 0);
10168-
if (ret == WS_SUCCESS) {
10169-
c32toa(keySig->sigSz, output + begin);
10170-
begin += LENGTH_SZ + keySig->sigSz;
10154+
if (ret == WS_SUCCESS) {
10155+
#ifdef WOLFSSH_AGENT
10156+
if (ssh->agentEnabled) {
10157+
if (ret == WS_SUCCESS)
10158+
ret = wolfSSH_AGENT_SignRequest(ssh, checkData, checkDataSz,
10159+
output + begin + LENGTH_SZ, &keySig->sigSz,
10160+
authData->sf.publicKey.publicKey,
10161+
authData->sf.publicKey.publicKeySz, 0);
10162+
if (ret == WS_SUCCESS) {
10163+
c32toa(keySig->sigSz, output + begin);
10164+
begin += LENGTH_SZ + keySig->sigSz;
10165+
}
1017110166
}
10172-
}
10173-
else
10174-
#endif /* WOLFSSH_AGENT */
10175-
{
10176-
if (ret == WS_SUCCESS) {
10167+
else
10168+
#endif /* WOLFSSH_AGENT */
10169+
{
1017710170
byte encDigest[MAX_ENCODED_SIG_SZ];
1017810171
int encDigestSz;
1017910172

0 commit comments

Comments
 (0)