Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use signed variable for length calculation in SendTls13Certificate #7880

Merged
merged 3 commits into from
Aug 29, 2024
Merged

Use signed variable for length calculation in SendTls13Certificate #7880

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a09e3bb
Use signed variable for length calculation in SendTls13Certificate
ColtonWilley Aug 16, 2024
d5268d8
Update NULL check to be consistent with other checks
ColtonWilley Aug 16, 2024
a57d234
Clean up sign comparison warnings
ColtonWilley Aug 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions src/tls13.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8459,12 +8459,13 @@ static int SendTls13Certificate(WOLFSSL* ssl)
int ret = 0;
word32 certSz, certChainSz, headerSz, listSz, payloadSz;
word16 extSz = 0;
word32 length, maxFragment;
word32 maxFragment;
word32 len = 0;
word32 idx = 0;
word32 offset = OPAQUE16_LEN;
byte* p = NULL;
byte certReqCtxLen = 0;
sword32 length;
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
byte* certReqCtx = NULL;
#endif
Expand Down Expand Up @@ -8510,7 +8511,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
listSz = 0;
}
else {
if (!ssl->buffers.certificate) {
if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ssl->buffers.certificate->buffer is only dereferenced if certSz > 0. I can imagine there's code somewhere relying on null buffer being tolerated when ssl->buffers.certificate->length is zero, so this nullness check should only be done when ssl->buffers.certificate->length > 0.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree its a bit redundant, but is consistent with the rest of the code. Search for !ssl->buffers.certificate and you will see every single check in internal.c, ssl.c and tls13.c use if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer)

If we want to address that redundancy check separately I am on board, but I think at least for this PR its best to have the checks be consistent.

WOLFSSL_MSG("Send Cert missing certificate buffer");
return NO_CERT_ERROR;
}
Expand Down Expand Up @@ -8601,7 +8602,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
#endif /* WOLFSSL_DTLS13 */
}
else {
fragSz = min(length, maxFragment);
fragSz = min((word32)length, maxFragment);
sendSz += fragSz;
}

Expand Down