Fix applying non-zero offset 1 to null pointer ASAN error

[alexsn]

Description

When swapping openssl for wolfssl I encountered the following crash when compiling with ASAN enabled:

wolfssl/src/ssl.c:11892:16: runtime error: applying non-zero offset 1 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior wolfssl/src/ssl.c:11892:16 in

wolfssl/src/internal.c:26632:16: runtime error: applying non-zero offset 1 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior wolfssl/src/internal.c:26632:16 in

The fix is to break the loop when next pointer is NULL.

ZD 18175

[wolfSSL-Bot]

Can one of the admins verify this patch?

[dgarske]

Can you tell us more about your project and use-case? I don't see you setup as an approved contributor. If you are planning additional PR's we can consider getting you added. Just send an email to support at wolfssl dot com referencing this PR to get that process started.

[dgarske]

Hi @alexsn ,

We cannot accept any PR's without a signed contributor agreement. If you'd like to get setup please email [email protected] and reference this PR.

This change seems to break our API unit test:

./configure --enable-all
make
./tests/unit.test
...
784: test_for_double_Free                                :FAIL scripts/unit.test (exit status: 139)

wolfSSL Entering wolfSSL_CTX_set_cipher_list
Process 24555 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x00007ff807c845d1 libsystem_platform.dylib`_platform_strstr + 42
libsystem_platform.dylib`:
->  0x7ff807c845d1 <+42>: movb   (%r14), %al
    0x7ff807c845d4 <+45>: testb  %al, %al
    0x7ff807c845d6 <+47>: je     0x7ff807c845fc            ; <+85>
    0x7ff807c845d8 <+49>: movq   %r14, %r15
Target 1: (unit.test) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00007ff807c845d1 libsystem_platform.dylib`_platform_strstr + 42
    frame #1: 0x00000001004efa72 unit.test`ParseCipherList(suites=0x00007fe3f8804700, list="DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA:!aNULL:!eNULL", version=(major = '\x03', minor = '\x04'), privateKeySz=256, side='\0') at internal.c:26613:16
    frame #2: 0x00000001004ef81b unit.test`SetCipherList_ex(ctx=0x00007fe3f9008200, ssl=0x0000000000000000, suites=0x00007fe3f8804700, list="DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA:!aNULL:!eNULL") at internal.c:27030:12
    frame #3: 0x0000000100566b05 unit.test`wolfSSL_parse_cipher_list(ctx=0x00007fe3f9008200, ssl=0x0000000000000000, suites=0x00007fe3f8804700, list="DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA:!aNULL:!eNULL") at ssl.c:8485:17
    frame #4: 0x0000000100566a0d unit.test`wolfSSL_CTX_set_cipher_list(ctx=0x00007fe3f9008200, list="DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA:!aNULL:!eNULL") at ssl.c:8593:12
    frame #5: 0x00000001002dacd1 unit.test`test_for_double_Free at api.c:1456:9
    frame #6: 0x0000000100352123 unit.test`ApiTest at api.c:74388:19
    frame #7: 0x00000001000011b3 unit.test`unit_test(argc=1, argv=0x00007ff7bfeff2c8) at unit.c:223:19
    frame #8: 0x0000000100000fb2 unit.test`main(argc=2, argv=0x00007ff7bfeff2c0) at unit.c:46:12

Please review and fix.

Thanks,
David Garske, wolfSSL

[alexsn]

Hey @dgarske, I've fixed the crash (could do while (1) as there are a bunch of continue statements in the loop that was crashing. I've updated the while condition to bump next if it's non null

[alexsn]

In addition I've emailed [email protected] as requested.

[dgarske]

Closing in favor of #7698