Skip to content

Fenrir Fixes #10675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kareem-wolfssl wants to merge 6 commits into
base: master
Choose a base branch
from
+48 −19
Open

Fenrir Fixes #10675

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
857c448
Zero out buffer on error in AES_GCM_decrypt_C.
kareem-wolfssl Jun 12, 2026
d654293
Zero out the aead in wc_ChaCha20Poly1305_Encrypt/Decrypt before freei…
kareem-wolfssl Jun 12, 2026
8f0d2d8
Limit parsed port to 65535 in wolfIO_DecodeUrl.
kareem-wolfssl Jun 12, 2026
207f08a
Fix length calculations in wolfSSL_BUF_MEM_grow_ex and wolfSSL_BUF_ME…
kareem-wolfssl Jun 12, 2026
5982bb9
Fix wolfIO_DecodeUrl handling of IPv6 brackets.
kareem-wolfssl Jun 12, 2026
6f59b95
Code review feedback
kareem-wolfssl Jun 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 20 additions & 16 deletions src/ssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15398,20 +15398,20 @@ WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void)
int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
char zeroFill)
{

int len_int = (int)len;
int mx;
size_t mx;
char* tmp;

/* verify provided arguments */
if (buf == NULL || len_int < 0) {
/* verify provided arguments. The return value is an int holding the
* resulting length, so reject any len that cannot be represented as a
* non-negative int. This also prevents truncating size_t to int. */
if (buf == NULL || len > (size_t)INT_MAX) {
return 0; /* BAD_FUNC_ARG; */
}

/* check to see if fits in existing length */
if (buf->length > len) {
buf->length = len;
return len_int;
return (int)len;
}

/* check to see if fits in max buffer */
Expand All @@ -15420,16 +15420,19 @@ int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
XMEMSET(&buf->data[buf->length], 0, len - buf->length);
}
buf->length = len;
return len_int;
return (int)len;
}

/* expand size, to handle growth */
mx = (len_int + 3) / 3 * 4;
mx = (len + 3) / 3 * 4;

#ifdef WOLFSSL_NO_REALLOC
tmp = (char*)XMALLOC(mx, NULL, DYNAMIC_TYPE_OPENSSL);
if (tmp != NULL && buf->data != NULL) {
XMEMCPY(tmp, buf->data, len_int);
/* Only buf->length bytes of the old buffer are valid; copying len
* bytes here would over-read the old allocation since this branch is
* only reached when buf->max < len. */
XMEMCPY(tmp, buf->data, buf->length);
XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL);
buf->data = NULL;
}
Expand All @@ -15443,12 +15446,12 @@ int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
}
buf->data = tmp;

buf->max = (size_t)mx;
buf->max = mx;
if (zeroFill)
XMEMSET(&buf->data[buf->length], 0, len - buf->length);
buf->length = len;

return len_int;
return (int)len;

}

Expand All @@ -15462,10 +15465,11 @@ int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len)
int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len)
{
char* tmp;
int mx;
size_t mx;

/* verify provided arguments */
if (buf == NULL || len == 0 || (int)len <= 0) {
/* verify provided arguments. The return value is an int, so reject any
* len that cannot be represented as a positive int. */
if (buf == NULL || len == 0 || len > (size_t)INT_MAX) {

@JacobBarthelmeh JacobBarthelmeh Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use wolfSSL's macro WOLFSSL_MAX_32BIT for INT_MAX. I've seen port issues when using INT_MAX.

return 0; /* BAD_FUNC_ARG; */
}

Expand All @@ -15476,7 +15480,7 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len)
return wolfSSL_BUF_MEM_grow_ex(buf, len, 0);

/* expand size, to handle growth */
mx = ((int)len + 3) / 3 * 4;
mx = (len + 3) / 3 * 4;

/* We want to shrink the internal buffer */
#ifdef WOLFSSL_NO_REALLOC
Expand All @@ -15496,7 +15500,7 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len)

buf->data = tmp;
buf->length = len;
buf->max = (size_t)mx;
buf->max = mx;

return (int)len;
}
Expand Down
22 changes: 20 additions & 2 deletions src/wolfio.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1710,6 +1710,12 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
outName[i] = url[cur];
i++; cur++;
}
/* A bracketed IPv6 literal must be terminated by ']'. The loop
* above can also stop on end-of-buffer, NUL, or the length cap,
* none of which represent a well-formed host. Reject those cases
* rather than accepting the unterminated tail as the hostname. */
if (cur >= urlSz || url[cur] != ']')
return WOLFSSL_FATAL_ERROR;
cur++; /* skip ']' */
}
else {
Expand All @@ -1725,23 +1731,35 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
/* Need to pick out the path after the domain name */

if (cur < urlSz && url[cur] == ':') {
char port[6];
char port[5];
int j;
word32 bigPort = 0;
i = 0;
cur++;

XMEMSET(port, 0, sizeof(port));

while (i < 6 && cur < urlSz && url[cur] != 0 && url[cur] != '/') {
while (i < 5 && cur < urlSz && url[cur] != 0 && url[cur] != '/') {
port[i] = url[cur];
i++; cur++;
}

/* A valid port is at most 5 digits; if more characters remain
* before the path/terminator the port field is malformed (e.g.
* a 6-digit port) and must be rejected rather than parsed from a
* truncated digit string. */
if (cur < urlSz && url[cur] != 0 && url[cur] != '/')
return WOLFSSL_FATAL_ERROR;

for (j = 0; j < i; j++) {
if (port[j] < '0' || port[j] > '9') return WOLFSSL_FATAL_ERROR;
bigPort = (bigPort * 10) + (word32)(port[j] - '0');
}
/* Reject out-of-range ports rather than silently truncating to
* word16, which would otherwise wrap (e.g. 65536 -> 0) and
* connect to an unintended port. */
if (bigPort > 65535)

@JacobBarthelmeh JacobBarthelmeh Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't use a magic number here. If a macro is not already available then please add one.

return WOLFSSL_FATAL_ERROR;
if (outPort)
*outPort = (word16)bigPort;
}
Expand Down
3 changes: 3 additions & 0 deletions wolfcrypt/src/aes.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11023,6 +11023,9 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
ret = (ret & ~res);
ret |= (res & WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
#endif
if (ret != 0) {
ForceZero(out, sz);
}
return ret;
}
#elif (defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) || \
Expand Down
6 changes: 5 additions & 1 deletion wolfcrypt/src/chacha20_poly1305.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,10 @@ int wc_ChaCha20Poly1305_Encrypt(
inPlaintextLen);
if (ret == 0)
ret = wc_ChaCha20Poly1305_Final(aead, outAuthTag);

#ifdef WOLFSSL_SMALL_STACK
if (aead != NULL)
#endif
ForceZero(aead, sizeof(ChaChaPoly_Aead));
WC_FREE_VAR_EX(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);

return ret;
Expand Down Expand Up @@ -123,6 +126,7 @@ int wc_ChaCha20Poly1305_Decrypt(
/* zero plaintext on error */
ForceZero(outPlaintext, inCiphertextLen);
}
ForceZero(aead, sizeof(ChaChaPoly_Aead));
WC_FREE_VAR_EX(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);

return ret;
Expand Down
Loading