From d6fdfe5b1b79d9ad6905f07fae22448629a66240 Mon Sep 17 00:00:00 2001
From: "Sergio R. Caprile" <scaprile@cesanta.com>
Date: Thu, 5 Jun 2025 15:26:28 -0300
Subject: [PATCH] avoid ASAN reporting read overflows

---
 mongoose.c        | 37 +++++++++++++++++++++----------------
 src/tls_builtin.c | 37 +++++++++++++++++++++----------------
 2 files changed, 42 insertions(+), 32 deletions(-)

diff --git a/mongoose.c b/mongoose.c
index e54f8e53..b9b240ac 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -11879,22 +11879,25 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
 
   MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
   // Signature algorithm OID mapping
-  if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", algo.len) == 0) {
+  if (algo.len == 8 &&
+      memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", 8) == 0) {
     MG_VERBOSE(("sig algo: ECDSA with SHA256"));
     mg_sha256(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 32;
-  } else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B",
-                    algo.len) == 0) {
+  } else if (algo.len == 9 &&
+             memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B", 9) ==
+                 0) {
     MG_VERBOSE(("sig algo: RSA with SHA256"));
     mg_sha256(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 32;
-  } else if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", algo.len) ==
-             0) {
+  } else if (algo.len == 8 &&
+             memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", 8) == 0) {
     MG_VERBOSE(("sig algo: ECDSA with SHA384"));
     mg_sha384(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 48;
-  } else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C",
-                    algo.len) == 0) {
+  } else if (algo.len == 9 &&
+             memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C", 9) ==
+                 0) {
     MG_VERBOSE(("sig algo: RSA with SHA384"));
     mg_sha384(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 48;
@@ -11915,7 +11918,7 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
     struct mg_der_tlv before, after;
     mg_der_next(&field, &before);
     mg_der_next(&field, &after);
-    if (memcmp(after.value, "250101000000Z", after.len) < 0) {
+    if (after.len == 13 && memcmp(after.value, "250101000000Z", 13) < 0) {
       MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
                 before.len, before.value, mg_print_hex, after.len,
                 after.value));
@@ -11935,20 +11938,22 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
 
   // public key algorithm
   MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
-  if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07",
-             pki_algo.len) == 0) {
+  if (pki_algo.len == 8 &&
+      memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07", 8) == 0) {
     cert->is_ec_pubkey = 1;
     MG_VERBOSE(("pk algo: ECDSA secp256r1"));
-  } else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08",
-                    pki_algo.len) == 0) {
+  } else if (pki_algo.len == 8 &&
+             memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08", 8) ==
+                 0) {
     cert->is_ec_pubkey = 1;
     MG_VERBOSE(("pk algo: ECDSA secp384r1"));
-  } else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01",
-                    pki_algo.len) == 0) {
+  } else if (pki_algo.len == 7 &&
+             memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01", 7) == 0) {
     cert->is_ec_pubkey = 1;
     MG_VERBOSE(("pk algo: EC public key"));
-  } else if (memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
-                    pki_algo.len) == 0) {
+  } else if (pki_algo.len == 9 &&
+             memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
+                    9) == 0) {
     cert->is_ec_pubkey = 0;
     MG_VERBOSE(("pk algo: RSA"));
   } else {
diff --git a/src/tls_builtin.c b/src/tls_builtin.c
index bb9035ba..acafa6e6 100644
--- a/src/tls_builtin.c
+++ b/src/tls_builtin.c
@@ -1044,22 +1044,25 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
 
   MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
   // Signature algorithm OID mapping
-  if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", algo.len) == 0) {
+  if (algo.len == 8 &&
+      memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", 8) == 0) {
     MG_VERBOSE(("sig algo: ECDSA with SHA256"));
     mg_sha256(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 32;
-  } else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B",
-                    algo.len) == 0) {
+  } else if (algo.len == 9 &&
+             memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B", 9) ==
+                 0) {
     MG_VERBOSE(("sig algo: RSA with SHA256"));
     mg_sha256(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 32;
-  } else if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", algo.len) ==
-             0) {
+  } else if (algo.len == 8 &&
+             memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", 8) == 0) {
     MG_VERBOSE(("sig algo: ECDSA with SHA384"));
     mg_sha384(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 48;
-  } else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C",
-                    algo.len) == 0) {
+  } else if (algo.len == 9 &&
+             memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C", 9) ==
+                 0) {
     MG_VERBOSE(("sig algo: RSA with SHA384"));
     mg_sha384(cert->tbshash, tbs, tbssz);
     cert->tbshashsz = 48;
@@ -1080,7 +1083,7 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
     struct mg_der_tlv before, after;
     mg_der_next(&field, &before);
     mg_der_next(&field, &after);
-    if (memcmp(after.value, "250101000000Z", after.len) < 0) {
+    if (after.len == 13 && memcmp(after.value, "250101000000Z", 13) < 0) {
       MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
                 before.len, before.value, mg_print_hex, after.len,
                 after.value));
@@ -1100,20 +1103,22 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
 
   // public key algorithm
   MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
-  if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07",
-             pki_algo.len) == 0) {
+  if (pki_algo.len == 8 &&
+      memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07", 8) == 0) {
     cert->is_ec_pubkey = 1;
     MG_VERBOSE(("pk algo: ECDSA secp256r1"));
-  } else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08",
-                    pki_algo.len) == 0) {
+  } else if (pki_algo.len == 8 &&
+             memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08", 8) ==
+                 0) {
     cert->is_ec_pubkey = 1;
     MG_VERBOSE(("pk algo: ECDSA secp384r1"));
-  } else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01",
-                    pki_algo.len) == 0) {
+  } else if (pki_algo.len == 7 &&
+             memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01", 7) == 0) {
     cert->is_ec_pubkey = 1;
     MG_VERBOSE(("pk algo: EC public key"));
-  } else if (memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
-                    pki_algo.len) == 0) {
+  } else if (pki_algo.len == 9 &&
+             memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
+                    9) == 0) {
     cert->is_ec_pubkey = 0;
     MG_VERBOSE(("pk algo: RSA"));
   } else {