Merge pull request #136 from haydenroche5/mac_ctrl_fix

SparkiDev · web-flow · commit 06a9833b960b · 2021-07-28T09:42:52.000+10:00
Handle setting null terminator for ASN1_STRING key in we_mac.c.
diff --git a/src/we_mac.c b/src/we_mac.c
@@ -186,7 +186,7 @@ static int we_mac_cache_key(EVP_PKEY_CTX *ctx, we_Mac *mac)
         /* Get key length and data. */
         mac->keySz = ASN1_STRING_length(key);
         data       = ASN1_STRING_get0_data(key);
-        if (data == NULL) {
+        if (data == NULL || mac->keySz < 0) {
             ret = 0;
         }
     }
@@ -195,15 +195,16 @@ static int we_mac_cache_key(EVP_PKEY_CTX *ctx, we_Mac *mac)
         if (mac->key != NULL) {
             OPENSSL_clear_free(mac->key, mac->keySz);
         }
-        /* Allocate memory to cache key. */
-        mac->key = (unsigned char *)OPENSSL_zalloc(mac->keySz);
+        /* Allocate memory to cache key, +1 for null terminator. */
+        mac->key = (unsigned char *)OPENSSL_zalloc(mac->keySz + 1);
         if (mac->key == NULL) {
             ret = 0;
         }
     }
     if (ret == 1) {
         /* Copy key data into cache. */
         XMEMCPY(mac->key, data, mac->keySz);
+        mac->key[mac->keySz] = '\0';
     }
 
     WOLFENGINE_LEAVE(WE_LOG_MAC, "we_mac_cache_key", ret);
@@ -391,20 +392,21 @@ static int we_mac_pkey_ctrl(EVP_PKEY_CTX *ctx, int type, int num, void *ptr)
                  * num  [in]  Length of key in bytes.
                  */
                 WOLFENGINE_MSG(WE_LOG_MAC, "type: EVP_PKEY_CTRL_SET_MAC_KEY");
-                if (ptr != NULL) {
+                if (ptr != NULL && num >= 0) {
                     /* Dispose of old key safely. */
                     if (mac->key != NULL) {
                         OPENSSL_clear_free(mac->key, mac->keySz);
                     }
-                    /* Allocate memory for new key. */
-                    mac->key = (unsigned char *)OPENSSL_zalloc(num);
+                    /* Allocate memory for new key, +1 for null terminator. */
+                    mac->key = (unsigned char *)OPENSSL_zalloc(num + 1);
                     if (mac->key == NULL) {
                         ret = 0;
                     }
                     else {
                         /* Copy in key data and store size. */
                         XMEMCPY(mac->key, ptr, num);
                         mac->keySz = num;
+                        mac->key[num] = '\0';
                     }
                 }
                 else {
@@ -517,14 +519,15 @@ static int we_mac_dup(we_Mac *src, we_Mac **dst)
         mac->type  = src->type;
         mac->keySz = src->keySz;
         /* Duplicate the key if set. */
-        if (src->keySz > 0) {
-            mac->key = (unsigned char *)OPENSSL_zalloc(src->keySz);
+        if (src->keySz >= 0) {
+            mac->key = (unsigned char *)OPENSSL_zalloc(src->keySz + 1);
             if (mac->key == NULL) {
                 ret = 0;
             }
             else {
                 /* Copy over key bytes. */
                 XMEMCPY(mac->key, src->key, src->keySz);
+                mac->key[mac->keySz] = '\0';
             }
         }
         else {

Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ static int we_mac_cache_key(EVP_PKEY_CTX ctx, we_Mac mac)`
`186`	`186`	`/* Get key length and data. */`
`187`	`187`	`mac->keySz = ASN1_STRING_length(key);`
`188`	`188`	`data = ASN1_STRING_get0_data(key);`
`189`		`- if (data == NULL) {`
	`189`	`+ if (data == NULL \|\| mac->keySz < 0) {`
`190`	`190`	`ret = 0;`
`191`	`191`	`}`
`192`	`192`	`}`
`@@ -195,15 +195,16 @@ static int we_mac_cache_key(EVP_PKEY_CTX ctx, we_Mac mac)`
`195`	`195`	`if (mac->key != NULL) {`
`196`	`196`	`OPENSSL_clear_free(mac->key, mac->keySz);`
`197`	`197`	`}`
`198`		`- /* Allocate memory to cache key. */`
`199`		`- mac->key = (unsigned char *)OPENSSL_zalloc(mac->keySz);`
	`198`	`+ /* Allocate memory to cache key, +1 for null terminator. */`
	`199`	`+ mac->key = (unsigned char *)OPENSSL_zalloc(mac->keySz + 1);`
`200`	`200`	`if (mac->key == NULL) {`
`201`	`201`	`ret = 0;`
`202`	`202`	`}`
`203`	`203`	`}`
`204`	`204`	`if (ret == 1) {`
`205`	`205`	`/* Copy key data into cache. */`
`206`	`206`	`XMEMCPY(mac->key, data, mac->keySz);`
	`207`	`+ mac->key[mac->keySz] = '\0';`
`207`	`208`	`}`
`208`	`209`
`209`	`210`	`WOLFENGINE_LEAVE(WE_LOG_MAC, "we_mac_cache_key", ret);`
`@@ -391,20 +392,21 @@ static int we_mac_pkey_ctrl(EVP_PKEY_CTX ctx, int type, int num, void ptr)`
`391`	`392`	`* num [in] Length of key in bytes.`
`392`	`393`	`*/`
`393`	`394`	`WOLFENGINE_MSG(WE_LOG_MAC, "type: EVP_PKEY_CTRL_SET_MAC_KEY");`
`394`		`- if (ptr != NULL) {`
	`395`	`+ if (ptr != NULL && num >= 0) {`
`395`	`396`	`/* Dispose of old key safely. */`
`396`	`397`	`if (mac->key != NULL) {`
`397`	`398`	`OPENSSL_clear_free(mac->key, mac->keySz);`
`398`	`399`	`}`
`399`		`- /* Allocate memory for new key. */`
`400`		`- mac->key = (unsigned char *)OPENSSL_zalloc(num);`
	`400`	`+ /* Allocate memory for new key, +1 for null terminator. */`
	`401`	`+ mac->key = (unsigned char *)OPENSSL_zalloc(num + 1);`
`401`	`402`	`if (mac->key == NULL) {`
`402`	`403`	`ret = 0;`
`403`	`404`	`}`
`404`	`405`	`else {`
`405`	`406`	`/* Copy in key data and store size. */`
`406`	`407`	`XMEMCPY(mac->key, ptr, num);`
`407`	`408`	`mac->keySz = num;`
	`409`	`+ mac->key[num] = '\0';`
`408`	`410`	`}`
`409`	`411`	`}`
`410`	`412`	`else {`
`@@ -517,14 +519,15 @@ static int we_mac_dup(we_Mac src, we_Mac *dst)`
`517`	`519`	`mac->type = src->type;`
`518`	`520`	`mac->keySz = src->keySz;`
`519`	`521`	`/* Duplicate the key if set. */`
`520`		`- if (src->keySz > 0) {`
`521`		`- mac->key = (unsigned char *)OPENSSL_zalloc(src->keySz);`
	`522`	`+ if (src->keySz >= 0) {`
	`523`	`+ mac->key = (unsigned char *)OPENSSL_zalloc(src->keySz + 1);`
`522`	`524`	`if (mac->key == NULL) {`
`523`	`525`	`ret = 0;`
`524`	`526`	`}`
`525`	`527`	`else {`
`526`	`528`	`/* Copy over key bytes. */`
`527`	`529`	`XMEMCPY(mac->key, src->key, src->keySz);`
	`530`	`+ mac->key[mac->keySz] = '\0';`
`528`	`531`	`}`
`529`	`532`	`}`
`530`	`533`	`else {`