Add bounds checks for MP integer size in SizeASN_Items#10051
Add bounds checks for MP integer size in SizeASN_Items#10051anhu wants to merge 3 commits intowolfSSL:masterfrom
Conversation
|
Jenkins retest this please -history lost |
|
Jenkins retest this please. Unable to get pull request trigger. |
|
Jenkins retest this please Build was aborted |
|
jenkins retest this please remote hung up. |
|
jenkins retest this please ABORTED |
|
jenkins retest this please. |
|
Jenkins retest this please. |
1 similar comment
|
Jenkins retest this please. |
|
jenkins retest this please Not found. |
|
Jenkins retest this please. |
|
jenkins retest this please. |
|
jenkins retest this please. |
tests/api/test_rsa.c
Outdated
|
|
||
| /* Sparse mmap — only the page at dp[used-1] is faulted in. */ | ||
| if (EXPECT_SUCCESS()) { | ||
| crafted_dp = (mp_digit*)mmap(NULL, dp_bytes, |
There was a problem hiding this comment.
This seems excessive.
Can't you test it another way that works on platforms not Windows?
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
🐺 Skoll Code Review
Overall recommendation: APPROVE
Findings: 3 total — 3 posted, 0 skipped
Posted findings
- [Medium] SetASN_Items MP path lacks matching bounds checks —
wolfcrypt/src/asn.c:1097-1099 - [Medium] Test only covers USE_INTEGER_HEAP_MATH; tfm.c has same overflow pattern —
tests/api/test_rsa.c:1161-1163 - [Low] Unused variable derRet could use (void) cast or direct use in Expect —
tests/api/test_rsa.c:1254-1255
Review generated by Skoll via openclaw
| } | ||
| break; | ||
|
|
||
| case ASN_DATA_TYPE_REPLACE_BUFFER: |
There was a problem hiding this comment.
🟡 [Medium] SetASN_Items MP path lacks matching bounds checks
💡 SUGGEST bug
The ASN_DATA_TYPE_MP case in SetASN_Items (the write path) calls mp_unsigned_bin_size() and mp_leading_bit() on lines 1097-1099 with the same pattern that was just hardened in SizeASN_Items, but without the new bounds checks. In normal usage SizeASN_Items is called first and would reject a malformed mp_int before SetASN_Items runs, so this is not directly exploitable. However, as defense-in-depth—and to prevent future callers from hitting the same issue—the same length < 0 checks should be added here.
Suggestion:
| case ASN_DATA_TYPE_REPLACE_BUFFER: | |
| case ASN_DATA_TYPE_MP: | |
| /* Get length in bytes. */ | |
| length = mp_unsigned_bin_size(data[i].data.mp); | |
| if (length < 0) { | |
| return ASN_PARSE_E; | |
| } | |
| /* Add one for leading zero to make encoding a positive num. */ | |
| length += mp_leading_bit(data[i].data.mp) ? 1 : 0; | |
| if (length < 0) { | |
| return ASN_PARSE_E; | |
| } | |
| /* Write out length. */ | |
| idx += SetASNLength((word32)length, out + idx); |
There was a problem hiding this comment.
The suggestion removes the handling of ASN_DATA_TYPE_REPLACE_BUFFER . This feels wrong. Not aking the suggestion.
| int test_wc_RsaKeyToDer_SizeOverflow(void) | ||
| { | ||
| EXPECT_DECLS; | ||
| #if !defined(NO_RSA) && defined(USE_INTEGER_HEAP_MATH) && \ |
There was a problem hiding this comment.
🟡 [Medium] Test only covers USE_INTEGER_HEAP_MATH; tfm.c has same overflow pattern
💡 SUGGEST test
The test is gated on USE_INTEGER_HEAP_MATH because the pointer-biasing trick relies on heap-allocated dp. However, fp_count_bits in tfm.c (line 4116) has the same (a->used - 1) * DIGIT_BIT overflow pattern as mp_count_bits in integer.c (line 262). With TFM (fastmath), dp is a fixed-size stack array, so the pointer-biasing trick won't work, but the underlying SizeASN_Items fix is still relevant for TFM builds. Consider adding a separate test path for TFM (e.g., using mp_set_int or another approach) or at minimum adding a comment explaining why TFM is excluded.
Recommendation: Consider adding a comment or separate test variant for TFM builds. Even if the pointer trick doesn't work with stack-allocated digits, verifying that SizeASN_Items rejects a negative mp_unsigned_bin_size result is valuable across all math backends.
There was a problem hiding this comment.
Will not leave revealing comment.
| } | ||
|
|
||
| /* Should return an error, not a bogus small size. */ | ||
| derRet = wc_RsaKeyToDer(&key, NULL, 0); |
There was a problem hiding this comment.
🔵 [Low] Unused variable derRet could use (void) cast or direct use in Expect
🔧 NIT style
The variable derRet is assigned from wc_RsaKeyToDer and immediately passed to ExpectIntLT. Some compilers may warn about the extra variable being unnecessary. The pattern could be simplified to avoid the intermediate variable, or the derRet value could be used in the ExpectIntLT call directly (which it already is). This is a very minor style point—the existing code is clear and readable.
Recommendation: No action required. The code is clear as-is. If the project convention is to avoid intermediate variables for single-use returns, consider ExpectIntLT(wc_RsaKeyToDer(&key, NULL, 0), 0) instead.
There was a problem hiding this comment.
Not going to bother with this.
|
jenkins retest this please |
3 participants
Fixes ZD 21401