add additional input sanitation to handlers (#240)

bigbrett · web-flow · commit 6436b5c7b068 · 2025-11-10T22:59:29.000-05:00
* add missing sanitization of input arguments to crypto handlers

* protect input length checks against overflow

* add more missing checks
diff --git a/src/wh_server_cert.c b/src/wh_server_cert.c
@@ -387,10 +387,28 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
             whMessageCert_SimpleResponse    resp = {0};
             const uint8_t*                  cert_data;
 
+            /* Validate minimum size */
+            if (req_size < sizeof(whMessageCert_AddTrustedRequest)) {
+                resp.rc = WH_ERROR_BADARGS;
+                wh_MessageCert_TranslateSimpleResponse(
+                    magic, &resp, (whMessageCert_SimpleResponse*)resp_packet);
+                *out_resp_size = sizeof(resp);
+                break;
+            }
+
             /* Convert request struct */
             wh_MessageCert_TranslateAddTrustedRequest(
                 magic, (whMessageCert_AddTrustedRequest*)req_packet, &req);
 
+            /* Validate certificate data fits within request */
+            if (req.cert_len > req_size - sizeof(req)) {
+                resp.rc = WH_ERROR_BADARGS;
+                wh_MessageCert_TranslateSimpleResponse(
+                    magic, &resp, (whMessageCert_SimpleResponse*)resp_packet);
+                *out_resp_size = sizeof(resp);
+                break;
+            }
+
             /* Get pointer to certificate data */
             cert_data = (const uint8_t*)req_packet + sizeof(req);
 
diff --git a/src/wh_server_counter.c b/src/wh_server_counter.c
@@ -42,8 +42,6 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic,
                             const void* req_packet, uint16_t* out_resp_size,
                             void* resp_packet)
 {
-    (void)req_size;
-
     whKeyId       counterId = 0;
     int           ret       = 0;
     whNvmMetadata meta[1]   = {{0}};
@@ -59,6 +57,14 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic,
             whMessageCounter_InitRequest  req  = {0};
             whMessageCounter_InitResponse resp = {0};
 
+            if (req_size < sizeof(whMessageCounter_InitRequest)) {
+                resp.rc = WH_ERROR_BADARGS;
+                (void)wh_MessageCounter_TranslateInitResponse(
+                    magic, &resp, (whMessageCounter_InitResponse*)resp_packet);
+                *out_resp_size = sizeof(resp);
+                return WH_ERROR_OK;
+            }
+
             /* translate request */
             (void)wh_MessageCounter_TranslateInitRequest(
                 magic, (whMessageCounter_InitRequest*)req_packet, &req);
@@ -87,6 +93,15 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic,
             whMessageCounter_IncrementRequest  req  = {0};
             whMessageCounter_IncrementResponse resp = {0};
 
+            if (req_size < sizeof(whMessageCounter_IncrementRequest)) {
+                resp.rc = WH_ERROR_BADARGS;
+                (void)wh_MessageCounter_TranslateIncrementResponse(
+                    magic, &resp,
+                    (whMessageCounter_IncrementResponse*)resp_packet);
+                *out_resp_size = sizeof(resp);
+                return WH_ERROR_OK;
+            }
+
             /* translate request */
             (void)wh_MessageCounter_TranslateIncrementRequest(
                 magic, (whMessageCounter_IncrementRequest*)req_packet, &req);
@@ -133,6 +148,14 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic,
             whMessageCounter_ReadRequest  req  = {0};
             whMessageCounter_ReadResponse resp = {0};
 
+            if (req_size < sizeof(whMessageCounter_ReadRequest)) {
+                resp.rc = WH_ERROR_BADARGS;
+                (void)wh_MessageCounter_TranslateReadResponse(
+                    magic, &resp, (whMessageCounter_ReadResponse*)resp_packet);
+                *out_resp_size = sizeof(resp);
+                return WH_ERROR_OK;
+            }
+
             /* translate request */
             (void)wh_MessageCounter_TranslateReadRequest(
                 magic, (whMessageCounter_ReadRequest*)req_packet, &req);
@@ -164,6 +187,15 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic,
             whMessageCounter_DestroyRequest  req  = {0};
             whMessageCounter_DestroyResponse resp = {0};
 
+            if (req_size < sizeof(whMessageCounter_DestroyRequest)) {
+                resp.rc = WH_ERROR_BADARGS;
+                (void)wh_MessageCounter_TranslateDestroyResponse(
+                    magic, &resp,
+                    (whMessageCounter_DestroyResponse*)resp_packet);
+                *out_resp_size = sizeof(resp);
+                return WH_ERROR_OK;
+            }
+
             /* translate request */
             (void)wh_MessageCounter_TranslateDestroyRequest(
                 magic, (whMessageCounter_DestroyRequest*)req_packet, &req);
diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
