fix for memory issue due to missed WOLFSSL_GENERAL_NAME capability cha… #8155

Merged
merged 2 commits into from
Nov 12, 2024
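--- a/src/x509.c
+++ b/src/x509.c
@@ -587,6 +587,76 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 #endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns)
+{
+gn->type = dns->type;
+switch (gn->type) {
+case WOLFSSL_GEN_OTHERNAME:
+if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
+WOLFSSL_MSG("OTHERNAME set failed");
+return WOLFSSL_FAILURE;
+}
+break;
+
+case WOLFSSL_GEN_EMAIL:
+case WOLFSSL_GEN_DNS:
+case WOLFSSL_GEN_URI:
+case WOLFSSL_GEN_IPADD:
+case WOLFSSL_GEN_IA5:
+gn->d.ia5->length = dns->len;
+if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
+gn->d.ia5->length) != WOLFSSL_SUCCESS) {
+WOLFSSL_MSG("ASN1_STRING_set failed");
+return WOLFSSL_FAILURE;
+}
+break;
+
+
+case WOLFSSL_GEN_DIRNAME:
+/* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+wolfSSL_ASN1_STRING_free(gn->d.ia5);
+gn->d.ia5 = NULL;
+
+gn->d.dirn = wolfSSL_X509_NAME_new();;
+/* @TODO extract dir name info from DNS_entry */
+break;
+
+#ifdef WOLFSSL_RID_ALT_NAME
+case WOLFSSL_GEN_RID:
+/* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+wolfSSL_ASN1_STRING_free(gn->d.ia5);
+gn->d.ia5 = NULL;
+
+gn->d.registeredID = wolfSSL_ASN1_OBJECT_new();
+if (gn->d.registeredID == NULL) {
+return WOLFSSL_FAILURE;
+}
+gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len,
+gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1);
+if (gn->d.registeredID->obj == NULL) {
+/* registeredID gets free'd up by caller after failure */
+return WOLFSSL_FAILURE;
+}
+gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len);
+gn->d.registeredID->objSz = dns->len;
+gn->d.registeredID->grp = oidCertExtType;
+gn->d.registeredID->nid = WC_NID_registeredAddress;
+break;
+#endif
+
+case WOLFSSL_GEN_X400:
+/* Unsupported: fall through */
+case WOLFSSL_GEN_EDIPARTY:
+/* Unsupported: fall through */
+default:
+WOLFSSL_MSG("Unsupported type conversion");
+return WOLFSSL_FAILURE;
+}
+return WOLFSSL_SUCCESS;
+}
+
+
 static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
 WOLFSSL_X509_EXTENSION* ext)
 {
@@ -624,24 +694,10 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
 goto err;
 }
 
-gn->type = dns->type;
-if (gn->type == WOLFSSL_GEN_OTHERNAME) {
-if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
-WOLFSSL_MSG("OTHERNAME set failed");
-wolfSSL_GENERAL_NAME_free(gn);
-wolfSSL_sk_pop_free(sk, NULL);
-goto err;
-}
-}
-else {
-gn->d.ia5->length = dns->len;
-if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
-gn->d.ia5->length) != WOLFSSL_SUCCESS) {
-WOLFSSL_MSG("ASN1_STRING_set failed");
-wolfSSL_GENERAL_NAME_free(gn);
-wolfSSL_sk_pop_free(sk, NULL);
-goto err;
-}
+if (DNS_to_GENERAL_NAME(gn, dns) != WOLFSSL_SUCCESS) {
+wolfSSL_GENERAL_NAME_free(gn);
+wolfSSL_sk_pop_free(sk, NULL);
+goto err;
 }
 
 if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {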
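Review bot: In the WOLFSSL_GEN_RID case of DNS_to_GENERAL_NAME, `dns->len` sizes both the XMALLOC and the XMEMCPY from `dns->ridString`, while the IA5 cases just above pair the same `dns->len` with `dns->name`. DNS_entry is not shown on this page, so if `len` describes `name` rather than `ridString`, the copy can read past the end of `ridString` or store a truncated value in `registeredID->obj`. Please confirm which buffer `len` belongs to and copy from that one, or size the allocation and copy from the length of `ridString` itself. Separately, the WOLFSSL_GEN_DIRNAME case never checks the result of `wolfSSL_X509_NAME_new()` and returns WOLFSSL_SUCCESS with a NULL `gn->d.dirn` on allocation failure. Add `if (gn->d.dirn == NULL) return WOLFSSL_FAILURE;` there, as the RID case does for `registeredID`, and drop the stray `;;`.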
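--- a/tests/api.c
+++ b/tests/api.c
@@ -77998,6 +77998,7 @@ static int test_X509_REQ(void)
 #ifdef HAVE_ECC
 const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
 const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
+BIO* bio = NULL;
 #endif
 
 ExpectNotNull(name = X509_NAME_new());
@@ -78089,6 +78090,10 @@ static int test_X509_REQ(void)
 /* Signature is random and may be shorter or longer. */
 ExpectIntGE((len = i2d_X509_REQ(req, &der)), 245);
 ExpectIntLE(len, 253);
+ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+ExpectIntEQ(X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+ExpectIntEQ(X509_REQ_print(bio, NULL), WOLFSSL_FAILURE);
+BIO_free(bio);
 XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
 X509_REQ_free(req);
 EVP_PKEY_free(pub);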
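Review bot: `bio` is declared inside the `#ifdef HAVE_ECC` block in the first hunk, but the second hunk does not show which guard encloses the new `X509_REQ_print` calls. If they sit outside HAVE_ECC the test will not compile in non-ECC builds, so the declaration and the uses should be confirmed to share one guard. The new checks also assert only on return codes and dump the request to stderr. A memory BIO, `ExpectNotNull(bio = BIO_new(BIO_s_mem()));`, would keep the test output quiet and let the test inspect the printed text. test_X509_REQ starts and ends outside both hunks.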
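--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -567,7 +567,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_sign wolfSSL_X509_sign
 #define X509_sign_ctx wolfSSL_X509_sign_ctx
 #define X509_print wolfSSL_X509_print
-#define X509_REQ_print wolfSSL_X509_print
+#define X509_REQ_print wolfSSL_X509_REQ_print
 #define X509_print_ex wolfSSL_X509_print_ex
 #define X509_print_fp wolfSSL_X509_print_fp
 #define X509_CRL_print wolfSSL_X509_CRL_print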
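--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -912,6 +912,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define WC_NID_postalCode ASN_POSTAL_CODE /* postalCode */
 #define WC_NID_favouriteDrink 462
 #define WC_NID_userId 458
+#define WC_NID_registeredAddress 870
 #define WC_NID_emailAddress 0x30 /* emailAddress */
 #define WC_NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */
 #define WC_NID_ms_upn 265 /* 1.3.6.1.4.1.311.20.2.3 */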
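Review bot: The only use of `WC_NID_registeredAddress` visible in this PR is to label the registeredID general name in DNS_to_GENERAL_NAME (src/x509.c), yet registeredAddress is an X.520 directory attribute rather than the GeneralName registeredID choice. Code that later looks this object up by nid may therefore treat an arbitrary registered OID as a postal-address attribute, so please confirm this is the intended identifier. If it is, a trailing comment in the style of the neighbouring defines would record that, for example `#define WC_NID_registeredAddress 870 /* registeredAddress, used for GEN_RID objects */`.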