sanity check on input and refactor parse cert store spec function

JacobBarthelmeh · JacobBarthelmeh · commit c51f6f4571cf · 2026-03-24T22:45:31.000-04:00
diff --git a/examples/client/common.c b/examples/client/common.c
@@ -1223,92 +1223,5 @@ int ClientSetupCertStoreAuth(WOLFSSH_CTX* ctx)
     fprintf(stderr, "No cert store key found in CTX\n");
     return WS_BAD_ARGUMENT;
 }
-
-
-/* Parse a cert store spec string "store:subject:flags" into wide-string
- * components.  Allocates wStoreName and wSubjectName via WMALLOC; caller
- * must WFREE them.  dwFlags is set to the parsed flags value.
- * Returns WS_SUCCESS on success. */
-int ParseCertStoreSpec(const char* spec,
-        wchar_t** wStoreName, wchar_t** wSubjectName,
-        DWORD* dwFlags, void* heap)
-{
-    char* specCopy = NULL;
-    char* storeName = NULL;
-    char* subjectName = NULL;
-    char* flagsStr = NULL;
-    int wStoreNameLen, wSubjectNameLen;
-    size_t specLen;
-
-    if (spec == NULL || wStoreName == NULL || wSubjectName == NULL ||
-            dwFlags == NULL) {
-        return WS_BAD_ARGUMENT;
-    }
-
-    *wStoreName = NULL;
-    *wSubjectName = NULL;
-    *dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
-
-    specLen = WSTRLEN(spec) + 1;
-    specCopy = (char*)WMALLOC(specLen, heap, DYNTYPE_TEMP);
-    if (specCopy == NULL)
-        return WS_MEMORY_E;
-    WSTRNCPY(specCopy, spec, specLen);
-
-    /* Parse "store:subject:flags" */
-    storeName = specCopy;
-    subjectName = WSTRCHR(storeName, ':');
-    if (subjectName != NULL) {
-        *subjectName++ = '\0';
-        flagsStr = WSTRCHR(subjectName, ':');
-        if (flagsStr != NULL) {
-            *flagsStr++ = '\0';
-            if (WSTRCMP(flagsStr, "CURRENT_USER") == 0) {
-                *dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
-            } else if (WSTRCMP(flagsStr, "LOCAL_MACHINE") == 0) {
-                *dwFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
-            } else {
-                *dwFlags = (DWORD)atoi(flagsStr);
-            }
-        }
-    }
-
-    if (storeName == NULL || subjectName == NULL || *storeName == '\0' ||
-            *subjectName == '\0') {
-        WFREE(specCopy, heap, DYNTYPE_TEMP);
-        return WS_BAD_ARGUMENT;
-    }
-
-    /* Convert to wide strings */
-    wStoreNameLen = MultiByteToWideChar(CP_UTF8, 0, storeName, -1, NULL, 0);
-    wSubjectNameLen = MultiByteToWideChar(CP_UTF8, 0, subjectName, -1,
-            NULL, 0);
-
-    *wStoreName = (wchar_t*)WMALLOC(wStoreNameLen * sizeof(wchar_t),
-            heap, DYNTYPE_TEMP);
-    *wSubjectName = (wchar_t*)WMALLOC(wSubjectNameLen * sizeof(wchar_t),
-            heap, DYNTYPE_TEMP);
-
-    if (*wStoreName == NULL || *wSubjectName == NULL) {
-        if (*wStoreName != NULL) {
-            WFREE(*wStoreName, heap, DYNTYPE_TEMP);
-            *wStoreName = NULL;
-        }
-        if (*wSubjectName != NULL) {
-            WFREE(*wSubjectName, heap, DYNTYPE_TEMP);
-            *wSubjectName = NULL;
-        }
-        WFREE(specCopy, heap, DYNTYPE_TEMP);
-        return WS_MEMORY_E;
-    }
-
-    MultiByteToWideChar(CP_UTF8, 0, storeName, -1,
-            *wStoreName, wStoreNameLen);
-    MultiByteToWideChar(CP_UTF8, 0, subjectName, -1,
-            *wSubjectName, wSubjectNameLen);
-
-    WFREE(specCopy, heap, DYNTYPE_TEMP);
-    return WS_SUCCESS;
-}
 #endif /* WOLFSSH_CERTS */
 #endif /* USE_WINDOWS_API */
diff --git a/examples/client/common.h b/examples/client/common.h
@@ -40,9 +40,6 @@ int ClientSetTpm(WOLFSSH* ssh);
 int ClientSetPrivateKeyFromStore(WOLFSSH_CTX* ctx,
         const wchar_t* storeName, DWORD dwFlags, const wchar_t* subjectName);
 int ClientSetupCertStoreAuth(WOLFSSH_CTX* ctx);
-int ParseCertStoreSpec(const char* spec,
-        wchar_t** wStoreName, wchar_t** wSubjectName,
-        DWORD* dwFlags, void* heap);
 #endif /* WOLFSSH_CERTS */
 #endif /* USE_WINDOWS_API */
 
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
@@ -41,6 +41,7 @@
 #include <wolfssh/internal.h>
 #include <wolfssh/wolfsftp.h>
 #include <wolfssh/agent.h>
+#include <wolfssh/certman.h>
 #include <wolfssh/port.h>
 #include <wolfssh/test.h>
 #include <wolfssl/wolfcrypt/ecc.h>
@@ -2965,7 +2966,7 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
             DWORD dwFlags = 0;
             int ret;
 
-            ret = ParseCertStoreSpec(certStoreSpec, &wStoreName,
+            ret = wolfSSH_ParseCertStoreSpec(certStoreSpec, &wStoreName,
                     &wSubjectName, &dwFlags, NULL);
             if (ret != WS_SUCCESS) {
                 ES_ERROR("Invalid cert store spec. Use: store:subject:flags\n");
diff --git a/examples/sftpclient/sftpclient.c b/examples/sftpclient/sftpclient.c
@@ -33,6 +33,7 @@
 #include <wolfssh/ssh.h>
 #include <wolfssh/internal.h>
 #include <wolfssh/wolfsftp.h>
+#include <wolfssh/certman.h>
 #include <wolfssh/test.h>
 #include <wolfssh/port.h>
 #include <wolfssl/wolfcrypt/ecc.h>
@@ -1428,7 +1429,7 @@ THREAD_RETURN WOLFSSH_THREAD sftpclient_test(void* args)
         wchar_t* wSubjectName = NULL;
         DWORD dwFlags = 0;
 
-        ret = ParseCertStoreSpec(certStoreSpec, &wStoreName,
+        ret = wolfSSH_ParseCertStoreSpec(certStoreSpec, &wStoreName,
                 &wSubjectName, &dwFlags, NULL);
         if (ret != WS_SUCCESS) {
             err_sys("Invalid cert store spec. Use: store:subject:flags");
diff --git a/src/certman.c b/src/certman.c
@@ -88,12 +88,12 @@ struct WOLFSSH_CERTMAN {
  */
 int wolfSSH_SetCertManager(WOLFSSH_CTX* ctx, WOLFSSL_CERT_MANAGER* cm)
 {
-    if (ctx == NULL || cm == NULL) {
+    if (ctx == NULL || cm == NULL || ctx->certMan == NULL) {
         return WS_BAD_ARGUMENT;
     }
 
     /* free up existing cm if present */
-    if (ctx->certMan != NULL && ctx->certMan->cm != NULL) {
+    if (ctx->certMan->cm != NULL) {
         wolfSSL_CertManagerFree(ctx->certMan->cm);
     }
     wolfSSL_CertManager_up_ref(cm);
@@ -565,4 +565,96 @@ static int CheckProfile(DecodedCert* cert, int profile)
 }
 #endif /* WOLFSSH_NO_FPKI */
 
+
+#if defined(USE_WINDOWS_API)
+/* Parse a cert store spec string "store:subject:flags" into wide-string
+ * components.  Allocates wStoreName and wSubjectName via WMALLOC; caller
+ * must WFREE them.  dwFlags is set to the parsed flags value.
+ * Returns WS_SUCCESS on success. */
+int wolfSSH_ParseCertStoreSpec(const char* spec,
+        wchar_t** wStoreName, wchar_t** wSubjectName,
+        DWORD* dwFlags, void* heap)
+{
+    char* specCopy = NULL;
+    char* storeName = NULL;
+    char* subjectName = NULL;
+    char* flagsStr = NULL;
+    int wStoreNameLen, wSubjectNameLen;
+    size_t specLen;
+
+    if (spec == NULL || wStoreName == NULL || wSubjectName == NULL ||
+            dwFlags == NULL) {
+        return WS_BAD_ARGUMENT;
+    }
+
+    *wStoreName = NULL;
+    *wSubjectName = NULL;
+    *dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
+
+    specLen = WSTRLEN(spec) + 1;
+    specCopy = (char*)WMALLOC(specLen, heap, DYNTYPE_TEMP);
+    if (specCopy == NULL)
+        return WS_MEMORY_E;
+    WSTRNCPY(specCopy, spec, specLen);
+
+    /* Parse "store:subject:flags" */
+    storeName = specCopy;
+    subjectName = WSTRCHR(storeName, ':');
+    if (subjectName != NULL) {
+        *subjectName++ = '\0';
+        flagsStr = WSTRCHR(subjectName, ':');
+        if (flagsStr != NULL) {
+            *flagsStr++ = '\0';
+            if (WSTRCMP(flagsStr, "CURRENT_USER") == 0) {
+                *dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
+            }
+            else if (WSTRCMP(flagsStr, "LOCAL_MACHINE") == 0) {
+                *dwFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
+            }
+            else {
+                *dwFlags = (DWORD)atoi(flagsStr);
+            }
+        }
+    }
+
+    if (storeName == NULL || subjectName == NULL || *storeName == '\0' ||
+            *subjectName == '\0') {
+        WFREE(specCopy, heap, DYNTYPE_TEMP);
+        return WS_BAD_ARGUMENT;
+    }
+
+    /* Convert to wide strings */
+    wStoreNameLen = MultiByteToWideChar(CP_UTF8, 0, storeName, -1, NULL, 0);
+    wSubjectNameLen = MultiByteToWideChar(CP_UTF8, 0, subjectName, -1,
+            NULL, 0);
+
+    *wStoreName = (wchar_t*)WMALLOC(wStoreNameLen * sizeof(wchar_t),
+            heap, DYNTYPE_TEMP);
+    *wSubjectName = (wchar_t*)WMALLOC(wSubjectNameLen * sizeof(wchar_t),
+            heap, DYNTYPE_TEMP);
+
+    if (*wStoreName == NULL || *wSubjectName == NULL) {
+        if (*wStoreName != NULL) {
+            WFREE(*wStoreName, heap, DYNTYPE_TEMP);
+            *wStoreName = NULL;
+        }
+        if (*wSubjectName != NULL) {
+            WFREE(*wSubjectName, heap, DYNTYPE_TEMP);
+            *wSubjectName = NULL;
+        }
+        WFREE(specCopy, heap, DYNTYPE_TEMP);
+        return WS_MEMORY_E;
+    }
+
+    MultiByteToWideChar(CP_UTF8, 0, storeName, -1,
+            *wStoreName, wStoreNameLen);
+    MultiByteToWideChar(CP_UTF8, 0, subjectName, -1,
+            *wSubjectName, wSubjectNameLen);
+
+    WFREE(specCopy, heap, DYNTYPE_TEMP);
+    return WS_SUCCESS;
+}
+#endif /* USE_WINDOWS_API */
+
+
 #endif /* WOLFSSH_CERTS */
diff --git a/wolfssh/certman.h b/wolfssh/certman.h
@@ -59,6 +59,14 @@ int wolfSSH_CERTMAN_VerifyCerts_buffer(WOLFSSH_CERTMAN* cm,
         const unsigned char* cert, word32 certSz, word32 certCount);
 
 
+#if defined(USE_WINDOWS_API)
+WOLFSSH_API
+int wolfSSH_ParseCertStoreSpec(const char* spec,
+        wchar_t** wStoreName, wchar_t** wSubjectName,
+        DWORD* dwFlags, void* heap);
+#endif /* USE_WINDOWS_API */
+
+
 #ifdef __cplusplus
 }
 #endif
