fixes for brace style, null deref, ecc curve detection, unused variables

Author: JacobBarthelmeh

apps/wolfsshd/configuration.c

@@ -87,9 +87,11 @@ struct WOLFSSHD_CONFIG {
     char* authKeysFile;
     char* forceCmd;
     char* pidFile;
+#ifdef USE_WINDOWS_API
     char* winUserStores;
     char* winUserDwFlags;
     char* winUserPvPara;
+#endif /* USE_WINDOWS_API */
     WOLFSSHD_CONFIG* next; /* next config in list */
     long  loginTimer;
     word16 port;
@@ -331,9 +333,11 @@ void wolfSSHD_ConfigFree(WOLFSSHD_CONFIG* conf)
 #endif /* WOLFSSH_CERTS */
 #endif /* USE_WINDOWS_API */
         FreeString(&current->pidFile,  heap);
+#ifdef USE_WINDOWS_API
         FreeString(&current->winUserStores, heap);
         FreeString(&current->winUserDwFlags, heap);
         FreeString(&current->winUserPvPara, heap);
+#endif /* USE_WINDOWS_API */
 
         WFREE(current, heap, DYNTYPE_SSHD);
         current = next;
@@ -381,13 +385,16 @@ enum {
     OPT_BANNER                  = 23,
     OPT_TRUSTED_SYSTEM_CA_KEYS  = 24,
     OPT_TRUSTED_USER_CA_STORE   = 25,
+#ifdef USE_WINDOWS_API
     OPT_WIN_USER_STORES         = 26,
     OPT_WIN_USER_DW_FLAGS       = 27,
-    OPT_WIN_USER_PV_PARA        = 28
+    OPT_WIN_USER_PV_PARA        = 28,
+#endif /* USE_WINDOWS_API */
 };
 enum {
-    NUM_OPTIONS = 29
+    NUM_OPTIONS = 26
 #ifdef USE_WINDOWS_API
+    + 3
 #ifdef WOLFSSH_CERTS
     + 3
 #endif /* WOLFSSH_CERTS */
@@ -432,9 +439,11 @@ static const CONFIG_OPTION options[NUM_OPTIONS] = {
     {OPT_BANNER,                  "Banner"},
     {OPT_TRUSTED_SYSTEM_CA_KEYS,  "wolfSSH_TrustedSystemCAKeys"},
     {OPT_TRUSTED_USER_CA_STORE,   "wolfSSH_TrustedUserCaStore"},
+#ifdef USE_WINDOWS_API
     {OPT_WIN_USER_STORES,         "wolfSSH_WinUserStores"},
     {OPT_WIN_USER_DW_FLAGS,       "wolfSSH_WinUserDwFlags"},
-    {OPT_WIN_USER_PV_PARA,        "wolfSSH_WinUserPvPara"}
+    {OPT_WIN_USER_PV_PARA,        "wolfSSH_WinUserPvPara"},
+#endif /* USE_WINDOWS_API */
 };
 
 /* returns WS_SUCCESS on success */
@@ -1088,6 +1097,7 @@ static int HandleConfigOption(WOLFSSHD_CONFIG** conf, int opt,
         case OPT_TRUSTED_USER_CA_STORE:
             ret = wolfSSHD_ConfigSetUserCAStore(*conf, value);
             break;
+    #ifdef USE_WINDOWS_API
         case OPT_WIN_USER_STORES:
             ret = wolfSSHD_ConfigSetWinUserStores(*conf, value);
             break;
@@ -1097,6 +1107,7 @@ static int HandleConfigOption(WOLFSSHD_CONFIG** conf, int opt,
         case OPT_WIN_USER_PV_PARA:
             ret = wolfSSHD_ConfigSetWinUserPvPara(*conf, value);
             break;
+    #endif /* USE_WINDOWS_API */
     #ifdef USE_WINDOWS_API
     #ifdef WOLFSSH_CERTS
         case OPT_HOST_KEY_STORE:
@@ -1474,11 +1485,13 @@ int wolfSSHD_ConfigSetUserCAStore(WOLFSSHD_CONFIG* conf, const char* value)
     return ret;
 }
 
-char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf) {
+#ifdef USE_WINDOWS_API
+char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf)
+{
     if (conf != NULL) {
         if (conf->winUserStores == NULL) {
             /* If no value was specified, default to CERT_STORE_PROV_SYSTEM */
-            CreateString(&conf->winUserStores, "CERT_STORE_PROV_SYSTEM", 
+            CreateString(&conf->winUserStores, "CERT_STORE_PROV_SYSTEM",
                          (int)WSTRLEN("CERT_STORE_PROV_SYSTEM"), conf->heap);
         }
 
@@ -1488,24 +1501,32 @@ char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf) {
     return NULL;
 }
 
-int wolfSSHD_ConfigSetWinUserStores(WOLFSSHD_CONFIG* conf, const char* value) {
+int wolfSSHD_ConfigSetWinUserStores(WOLFSSHD_CONFIG* conf, const char* value)
+{
     int ret = WS_SUCCESS;
 
     if (conf == NULL) {
         ret = WS_BAD_ARGUMENT;
     }
 
-    ret = CreateString(&conf->winUserStores, value, (int)WSTRLEN(value), conf->heap);
+    if (ret == WS_SUCCESS) {
+        ret = CreateString(&conf->winUserStores, value,
+                (int)WSTRLEN(value), conf->heap);
+    }
 
     return ret;
 }
 
-char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf) {
+char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf)
+{
     if (conf != NULL) {
         if (conf->winUserDwFlags == NULL) {
-            /* If no value was specified, default to CERT_SYSTEM_STORE_CURRENT_USER */
-            CreateString(&conf->winUserDwFlags, "CERT_SYSTEM_STORE_CURRENT_USER", 
-                         (int)WSTRLEN("CERT_SYSTEM_STORE_CURRENT_USER"), conf->heap);
+            /* If no value was specified, default to
+             * CERT_SYSTEM_STORE_CURRENT_USER */
+            CreateString(&conf->winUserDwFlags,
+                         "CERT_SYSTEM_STORE_CURRENT_USER",
+                         (int)WSTRLEN("CERT_SYSTEM_STORE_CURRENT_USER"),
+                         conf->heap);
         }
 
         return conf->winUserDwFlags;
@@ -1514,23 +1535,29 @@ char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf) {
     return NULL;
 }
 
-int wolfSSHD_ConfigSetWinUserDwFlags(WOLFSSHD_CONFIG* conf, const char* value) {
+int wolfSSHD_ConfigSetWinUserDwFlags(WOLFSSHD_CONFIG* conf, const char* value)
+{
     int ret = WS_SUCCESS;
 
     if (conf == NULL) {
         ret = WS_BAD_ARGUMENT;
     }
 
-    ret = CreateString(&conf->winUserDwFlags, value, (int)WSTRLEN(value), conf->heap);
+    if (ret == WS_SUCCESS) {
+        ret = CreateString(&conf->winUserDwFlags, value,
+                (int)WSTRLEN(value), conf->heap);
+    }
 
     return ret;
 }
 
-char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf) {
+char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf)
+{
     if (conf != NULL) {
         if (conf->winUserPvPara == NULL) {
             /* If no value was specified, default to MY */
-            CreateString(&conf->winUserPvPara, "MY", (int)WSTRLEN("MY"), conf->heap);
+            CreateString(&conf->winUserPvPara, "MY",
+                         (int)WSTRLEN("MY"), conf->heap);
         }
 
         return conf->winUserPvPara;
@@ -1539,17 +1566,22 @@ char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf) {
     return NULL;
 }
 
-int wolfSSHD_ConfigSetWinUserPvPara(WOLFSSHD_CONFIG* conf, const char* value) {
+int wolfSSHD_ConfigSetWinUserPvPara(WOLFSSHD_CONFIG* conf, const char* value)
+{
     int ret = WS_SUCCESS;
 
     if (conf == NULL) {
         ret = WS_BAD_ARGUMENT;
     }
 
-    ret = CreateString(&conf->winUserPvPara, value, (int)WSTRLEN(value), conf->heap);
+    if (ret == WS_SUCCESS) {
+        ret = CreateString(&conf->winUserPvPara, value,
+                (int)WSTRLEN(value), conf->heap);
+    }
 
     return ret;
 }
+#endif /* USE_WINDOWS_API */
 
 char* wolfSSHD_ConfigGetUserCAKeysFile(const WOLFSSHD_CONFIG* conf)
 {

apps/wolfsshd/configuration.h

@@ -53,12 +53,14 @@ int wolfSSHD_ConfigSetSystemCA(WOLFSSHD_CONFIG* conf, const char* value);
 int wolfSSHD_ConfigGetSystemCA(const WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetUserCAStore(WOLFSSHD_CONFIG* conf, const char* value);
 int wolfSSHD_ConfigGetUserCAStore(const WOLFSSHD_CONFIG* conf);
+#ifdef USE_WINDOWS_API
 char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetWinUserStores(WOLFSSHD_CONFIG* conf, const char* value);
 char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetWinUserDwFlags(WOLFSSHD_CONFIG* conf, const char* value);
 char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetWinUserPvPara(WOLFSSHD_CONFIG* conf, const char* value);
+#endif /* USE_WINDOWS_API */
 int wolfSSHD_ConfigSetUserCAKeysFile(WOLFSSHD_CONFIG* conf, const char* file);
 word16 wolfSSHD_ConfigGetPort(const WOLFSSHD_CONFIG* conf);
 char* wolfSSHD_ConfigGetAuthKeysFile(const WOLFSSHD_CONFIG* conf);

apps/wolfsshd/wolfsshd.c

@@ -538,7 +538,7 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
 
         if (ret == WS_SUCCESS) {
             if (wolfSSHD_ConfigGetUserCAStore(conf)) {
-#if defined(_WIN32)
+#ifdef USE_WINDOWS_API
                 if (wolfSSL_CTX_load_windows_user_CA_certs(sslCtx,
                         wolfSSHD_ConfigGetWinUserStores(conf),
                         wolfSSHD_ConfigGetWinUserDwFlags(conf),
@@ -550,7 +550,7 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
                 wolfSSH_Log(WS_LOG_INFO,
                     "[SSHD] User CA store is only supported on Windows");
                 ret = WS_BAD_ARGUMENT;
-#endif /* _WIN32 */
+#endif /* USE_WINDOWS_API */
             }
         }
 

examples/client/common.c

@@ -1223,5 +1223,92 @@ int ClientSetupCertStoreAuth(WOLFSSH_CTX* ctx)
     fprintf(stderr, "No cert store key found in CTX\n");
     return WS_BAD_ARGUMENT;
 }
+
+
+/* Parse a cert store spec string "store:subject:flags" into wide-string
+ * components.  Allocates wStoreName and wSubjectName via WMALLOC; caller
+ * must WFREE them.  dwFlags is set to the parsed flags value.
+ * Returns WS_SUCCESS on success. */
+int ParseCertStoreSpec(const char* spec,
+        wchar_t** wStoreName, wchar_t** wSubjectName,
+        DWORD* dwFlags, void* heap)
+{
+    char* specCopy = NULL;
+    char* storeName = NULL;
+    char* subjectName = NULL;
+    char* flagsStr = NULL;
+    int wStoreNameLen, wSubjectNameLen;
+    size_t specLen;
+
+    if (spec == NULL || wStoreName == NULL || wSubjectName == NULL ||
+            dwFlags == NULL) {
+        return WS_BAD_ARGUMENT;
+    }
+
+    *wStoreName = NULL;
+    *wSubjectName = NULL;
+    *dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
+
+    specLen = WSTRLEN(spec) + 1;
+    specCopy = (char*)WMALLOC(specLen, heap, DYNTYPE_TEMP);
+    if (specCopy == NULL)
+        return WS_MEMORY_E;
+    WSTRNCPY(specCopy, spec, specLen);
+
+    /* Parse "store:subject:flags" */
+    storeName = specCopy;
+    subjectName = WSTRCHR(storeName, ':');
+    if (subjectName != NULL) {
+        *subjectName++ = '\0';
+        flagsStr = WSTRCHR(subjectName, ':');
+        if (flagsStr != NULL) {
+            *flagsStr++ = '\0';
+            if (WSTRCMP(flagsStr, "CURRENT_USER") == 0) {
+                *dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
+            } else if (WSTRCMP(flagsStr, "LOCAL_MACHINE") == 0) {
+                *dwFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
+            } else {
+                *dwFlags = (DWORD)atoi(flagsStr);
+            }
+        }
+    }
+
+    if (storeName == NULL || subjectName == NULL || *storeName == '\0' ||
+            *subjectName == '\0') {
+        WFREE(specCopy, heap, DYNTYPE_TEMP);
+        return WS_BAD_ARGUMENT;
+    }
+
+    /* Convert to wide strings */
+    wStoreNameLen = MultiByteToWideChar(CP_UTF8, 0, storeName, -1, NULL, 0);
+    wSubjectNameLen = MultiByteToWideChar(CP_UTF8, 0, subjectName, -1,
+            NULL, 0);
+
+    *wStoreName = (wchar_t*)WMALLOC(wStoreNameLen * sizeof(wchar_t),
+            heap, DYNTYPE_TEMP);
+    *wSubjectName = (wchar_t*)WMALLOC(wSubjectNameLen * sizeof(wchar_t),
+            heap, DYNTYPE_TEMP);
+
+    if (*wStoreName == NULL || *wSubjectName == NULL) {
+        if (*wStoreName != NULL) {
+            WFREE(*wStoreName, heap, DYNTYPE_TEMP);
+            *wStoreName = NULL;
+        }
+        if (*wSubjectName != NULL) {
+            WFREE(*wSubjectName, heap, DYNTYPE_TEMP);
+            *wSubjectName = NULL;
+        }
+        WFREE(specCopy, heap, DYNTYPE_TEMP);
+        return WS_MEMORY_E;
+    }
+
+    MultiByteToWideChar(CP_UTF8, 0, storeName, -1,
+            *wStoreName, wStoreNameLen);
+    MultiByteToWideChar(CP_UTF8, 0, subjectName, -1,
+            *wSubjectName, wSubjectNameLen);
+
+    WFREE(specCopy, heap, DYNTYPE_TEMP);
+    return WS_SUCCESS;
+}
 #endif /* WOLFSSH_CERTS */
 #endif /* USE_WINDOWS_API */

examples/client/common.h

@@ -40,6 +40,9 @@ int ClientSetTpm(WOLFSSH* ssh);
 int ClientSetPrivateKeyFromStore(WOLFSSH_CTX* ctx,
         const wchar_t* storeName, DWORD dwFlags, const wchar_t* subjectName);
 int ClientSetupCertStoreAuth(WOLFSSH_CTX* ctx);
+int ParseCertStoreSpec(const char* spec,
+        wchar_t** wStoreName, wchar_t** wSubjectName,
+        DWORD* dwFlags, void* heap);
 #endif /* WOLFSSH_CERTS */
 #endif /* USE_WINDOWS_API */