From 7e6b1bb194f1d7179d6398c81ac12b68dcfa0f84 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 26 Jun 2024 16:52:16 -0400 Subject: [PATCH 1/4] Fix Warning 826814.9284764 --- src/ssl_load.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl_load.c b/src/ssl_load.c index 8651d2d922..8d85d566e4 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5293,6 +5293,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { + /* Memory will be freed below in the (ret != 1) block */ ret = MEMORY_E; } } From 6175778755eb2503fee45a066c9220208794d8bc Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 23 Jul 2024 17:12:23 -0400 Subject: [PATCH 2/4] Fix Warning 826836.9285316 --- src/ssl_load.c | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index 8d85d566e4..3a4cee0d36 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5102,6 +5102,24 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) #ifdef OPENSSL_EXTRA +#ifdef XGETENV +static char* wolfSSL_getenv_memcpy(const char* varName) { + char* ret = NULL; + char* env = NULL; + int len = 0; + + if ((env = XGETENV(varName)) != NULL) { + len = (int)XSTRLEN(env); + ret = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ret != NULL) { + XMEMCPY(ret, env, len); + } + } + + return ret; +} +#endif + /* Use the default paths to look for CA certificate. * * This is an OpenSSL compatibility layer function, but it doesn't mirror @@ -5121,9 +5139,9 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) { int ret; #ifdef XGETENV - char* certDir; - char* certFile; - word32 flags; + char* certDir = NULL; + char* certFile = NULL; + word32 flags = 0; #elif !defined(WOLFSSL_SYS_CA_CERTS) (void)ctx; #endif @@ -5131,8 +5149,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); #ifdef XGETENV - certDir = XGETENV("SSL_CERT_DIR"); - certFile = XGETENV("SSL_CERT_FILE"); + certDir = wolfSSL_getenv_memcpy("SSL_CERT_DIR"); + certFile = wolfSSL_getenv_memcpy("SSL_CERT_FILE"); flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; if ((certDir != NULL) || (certFile != NULL)) { @@ -5178,6 +5196,14 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) #endif } +#ifdef XGETENV + if (certFile != NULL) { + XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (certDir != NULL) { + XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret); return ret; From 750abdcecd4d599bf8bfbfe227929402ec61e906 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Tue, 23 Jul 2024 22:56:01 -0400 Subject: [PATCH 3/4] Addressing PR comments --- src/ssl_load.c | 30 ++++-------------------------- wolfcrypt/src/wc_port.c | 15 +++++++++++++++ wolfssl/wolfcrypt/types.h | 1 + 3 files changed, 20 insertions(+), 26 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index 3a4cee0d36..f27dff3437 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5102,24 +5102,6 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) #ifdef OPENSSL_EXTRA -#ifdef XGETENV -static char* wolfSSL_getenv_memcpy(const char* varName) { - char* ret = NULL; - char* env = NULL; - int len = 0; - - if ((env = XGETENV(varName)) != NULL) { - len = (int)XSTRLEN(env); - ret = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != NULL) { - XMEMCPY(ret, env, len); - } - } - - return ret; -} -#endif - /* Use the default paths to look for CA certificate. * * This is an OpenSSL compatibility layer function, but it doesn't mirror @@ -5149,8 +5131,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); #ifdef XGETENV - certDir = wolfSSL_getenv_memcpy("SSL_CERT_DIR"); - certFile = wolfSSL_getenv_memcpy("SSL_CERT_FILE"); + certDir = wc_strdup(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); + certFile = wc_strdup(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; if ((certDir != NULL) || (certFile != NULL)) { @@ -5197,12 +5179,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) } #ifdef XGETENV - if (certFile != NULL) { - XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (certDir != NULL) { - XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 7ff02abf41..efe897b63f 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1177,6 +1177,21 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n) } #endif /* USE_WOLF_STRNCASECMP */ +char* wc_strdup(const char *src, int memType) { + char *ret = NULL; + int len = 0; + + if (src) { + len = (int)XSTRLEN(src); + ret = (char*)XMALLOC(len, NULL, memType); + if (ret != NULL) { + XMEMCPY(ret, src, len); + } + } + + return ret; +} + #ifdef WOLFSSL_ATOMIC_OPS #ifdef HAVE_C___ATOMIC diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 641246cbde..f5459411f7 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -917,6 +917,7 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif + WOLFSSL_API char* wc_strdup(const char *src, int memType); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV #ifdef NO_GETENV From 87386f2d34b972fbae4e657f09be26dccbf9f54b Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Fri, 26 Jul 2024 12:10:17 -0400 Subject: [PATCH 4/4] Addressing PR comments --- src/ssl_load.c | 4 ++-- wolfcrypt/src/wc_port.c | 4 +++- wolfssl/wolfcrypt/types.h | 10 +++++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index f27dff3437..795109e66d 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5131,8 +5131,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); #ifdef XGETENV - certDir = wc_strdup(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); - certFile = wc_strdup(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); + certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); + certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; if ((certDir != NULL) || (certFile != NULL)) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index efe897b63f..572c20e131 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1177,7 +1177,8 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n) } #endif /* USE_WOLF_STRNCASECMP */ -char* wc_strdup(const char *src, int memType) { +#ifdef USE_WOLF_STRDUP +char* wc_strdup_ex(const char *src, int memType) { char *ret = NULL; int len = 0; @@ -1191,6 +1192,7 @@ char* wc_strdup(const char *src, int memType) { return ret; } +#endif #ifdef WOLFSSL_ATOMIC_OPS diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index f5459411f7..2bdaf2d891 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -917,7 +917,15 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif - WOLFSSL_API char* wc_strdup(const char *src, int memType); + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) + #define USE_WOLF_STRDUP + #endif + #ifdef USE_WOLF_STRDUP + WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType); + #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER) + #define XSTRDUP(src) wc_strdup(src) + #endif + #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV #ifdef NO_GETENV