mirror of
https://github.com/cesanta/mongoose.git
synced 2025-06-10 19:33:06 +08:00
avoid ASAN reporting read overflows
This commit is contained in:
Sergio R. Caprile
parent
50e15e574f
commit
d6fdfe5b1b
37
mongoose.c
37
mongoose.c
@ -11879,22 +11879,25 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
|
|||||||
|
|
||||||
MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
|
MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
|
||||||
// Signature algorithm OID mapping
|
// Signature algorithm OID mapping
|
||||||
if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", algo.len) == 0) {
|
if (algo.len == 8 &&
|
||||||
|
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", 8) == 0) {
|
||||||
MG_VERBOSE(("sig algo: ECDSA with SHA256"));
|
MG_VERBOSE(("sig algo: ECDSA with SHA256"));
|
||||||
mg_sha256(cert->tbshash, tbs, tbssz);
|
mg_sha256(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 32;
|
cert->tbshashsz = 32;
|
||||||
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B",
|
} else if (algo.len == 9 &&
|
||||||
algo.len) == 0) {
|
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B", 9) ==
|
||||||
|
0) {
|
||||||
MG_VERBOSE(("sig algo: RSA with SHA256"));
|
MG_VERBOSE(("sig algo: RSA with SHA256"));
|
||||||
mg_sha256(cert->tbshash, tbs, tbssz);
|
mg_sha256(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 32;
|
cert->tbshashsz = 32;
|
||||||
} else if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", algo.len) ==
|
} else if (algo.len == 8 &&
|
||||||
0) {
|
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", 8) == 0) {
|
||||||
MG_VERBOSE(("sig algo: ECDSA with SHA384"));
|
MG_VERBOSE(("sig algo: ECDSA with SHA384"));
|
||||||
mg_sha384(cert->tbshash, tbs, tbssz);
|
mg_sha384(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 48;
|
cert->tbshashsz = 48;
|
||||||
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C",
|
} else if (algo.len == 9 &&
|
||||||
algo.len) == 0) {
|
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C", 9) ==
|
||||||
|
0) {
|
||||||
MG_VERBOSE(("sig algo: RSA with SHA384"));
|
MG_VERBOSE(("sig algo: RSA with SHA384"));
|
||||||
mg_sha384(cert->tbshash, tbs, tbssz);
|
mg_sha384(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 48;
|
cert->tbshashsz = 48;
|
||||||
@ -11915,7 +11918,7 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
|
|||||||
struct mg_der_tlv before, after;
|
struct mg_der_tlv before, after;
|
||||||
mg_der_next(&field, &before);
|
mg_der_next(&field, &before);
|
||||||
mg_der_next(&field, &after);
|
mg_der_next(&field, &after);
|
||||||
if (memcmp(after.value, "250101000000Z", after.len) < 0) {
|
if (after.len == 13 && memcmp(after.value, "250101000000Z", 13) < 0) {
|
||||||
MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
|
MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
|
||||||
before.len, before.value, mg_print_hex, after.len,
|
before.len, before.value, mg_print_hex, after.len,
|
||||||
after.value));
|
after.value));
|
||||||
@ -11935,20 +11938,22 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
|
|||||||
|
|
||||||
// public key algorithm
|
// public key algorithm
|
||||||
MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
|
MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
|
||||||
if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07",
|
if (pki_algo.len == 8 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07", 8) == 0) {
|
||||||
cert->is_ec_pubkey = 1;
|
cert->is_ec_pubkey = 1;
|
||||||
MG_VERBOSE(("pk algo: ECDSA secp256r1"));
|
MG_VERBOSE(("pk algo: ECDSA secp256r1"));
|
||||||
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08",
|
} else if (pki_algo.len == 8 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08", 8) ==
|
||||||
|
0) {
|
||||||
cert->is_ec_pubkey = 1;
|
cert->is_ec_pubkey = 1;
|
||||||
MG_VERBOSE(("pk algo: ECDSA secp384r1"));
|
MG_VERBOSE(("pk algo: ECDSA secp384r1"));
|
||||||
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01",
|
} else if (pki_algo.len == 7 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01", 7) == 0) {
|
||||||
cert->is_ec_pubkey = 1;
|
cert->is_ec_pubkey = 1;
|
||||||
MG_VERBOSE(("pk algo: EC public key"));
|
MG_VERBOSE(("pk algo: EC public key"));
|
||||||
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
|
} else if (pki_algo.len == 9 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
|
||||||
|
9) == 0) {
|
||||||
cert->is_ec_pubkey = 0;
|
cert->is_ec_pubkey = 0;
|
||||||
MG_VERBOSE(("pk algo: RSA"));
|
MG_VERBOSE(("pk algo: RSA"));
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@ -1044,22 +1044,25 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
|
|||||||
|
|
||||||
MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
|
MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
|
||||||
// Signature algorithm OID mapping
|
// Signature algorithm OID mapping
|
||||||
if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", algo.len) == 0) {
|
if (algo.len == 8 &&
|
||||||
|
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", 8) == 0) {
|
||||||
MG_VERBOSE(("sig algo: ECDSA with SHA256"));
|
MG_VERBOSE(("sig algo: ECDSA with SHA256"));
|
||||||
mg_sha256(cert->tbshash, tbs, tbssz);
|
mg_sha256(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 32;
|
cert->tbshashsz = 32;
|
||||||
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B",
|
} else if (algo.len == 9 &&
|
||||||
algo.len) == 0) {
|
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B", 9) ==
|
||||||
|
0) {
|
||||||
MG_VERBOSE(("sig algo: RSA with SHA256"));
|
MG_VERBOSE(("sig algo: RSA with SHA256"));
|
||||||
mg_sha256(cert->tbshash, tbs, tbssz);
|
mg_sha256(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 32;
|
cert->tbshashsz = 32;
|
||||||
} else if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", algo.len) ==
|
} else if (algo.len == 8 &&
|
||||||
0) {
|
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", 8) == 0) {
|
||||||
MG_VERBOSE(("sig algo: ECDSA with SHA384"));
|
MG_VERBOSE(("sig algo: ECDSA with SHA384"));
|
||||||
mg_sha384(cert->tbshash, tbs, tbssz);
|
mg_sha384(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 48;
|
cert->tbshashsz = 48;
|
||||||
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C",
|
} else if (algo.len == 9 &&
|
||||||
algo.len) == 0) {
|
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C", 9) ==
|
||||||
|
0) {
|
||||||
MG_VERBOSE(("sig algo: RSA with SHA384"));
|
MG_VERBOSE(("sig algo: RSA with SHA384"));
|
||||||
mg_sha384(cert->tbshash, tbs, tbssz);
|
mg_sha384(cert->tbshash, tbs, tbssz);
|
||||||
cert->tbshashsz = 48;
|
cert->tbshashsz = 48;
|
||||||
@ -1080,7 +1083,7 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
|
|||||||
struct mg_der_tlv before, after;
|
struct mg_der_tlv before, after;
|
||||||
mg_der_next(&field, &before);
|
mg_der_next(&field, &before);
|
||||||
mg_der_next(&field, &after);
|
mg_der_next(&field, &after);
|
||||||
if (memcmp(after.value, "250101000000Z", after.len) < 0) {
|
if (after.len == 13 && memcmp(after.value, "250101000000Z", 13) < 0) {
|
||||||
MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
|
MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
|
||||||
before.len, before.value, mg_print_hex, after.len,
|
before.len, before.value, mg_print_hex, after.len,
|
||||||
after.value));
|
after.value));
|
||||||
@ -1100,20 +1103,22 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
|
|||||||
|
|
||||||
// public key algorithm
|
// public key algorithm
|
||||||
MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
|
MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
|
||||||
if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07",
|
if (pki_algo.len == 8 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07", 8) == 0) {
|
||||||
cert->is_ec_pubkey = 1;
|
cert->is_ec_pubkey = 1;
|
||||||
MG_VERBOSE(("pk algo: ECDSA secp256r1"));
|
MG_VERBOSE(("pk algo: ECDSA secp256r1"));
|
||||||
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08",
|
} else if (pki_algo.len == 8 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08", 8) ==
|
||||||
|
0) {
|
||||||
cert->is_ec_pubkey = 1;
|
cert->is_ec_pubkey = 1;
|
||||||
MG_VERBOSE(("pk algo: ECDSA secp384r1"));
|
MG_VERBOSE(("pk algo: ECDSA secp384r1"));
|
||||||
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01",
|
} else if (pki_algo.len == 7 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01", 7) == 0) {
|
||||||
cert->is_ec_pubkey = 1;
|
cert->is_ec_pubkey = 1;
|
||||||
MG_VERBOSE(("pk algo: EC public key"));
|
MG_VERBOSE(("pk algo: EC public key"));
|
||||||
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
|
} else if (pki_algo.len == 9 &&
|
||||||
pki_algo.len) == 0) {
|
memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
|
||||||
|
9) == 0) {
|
||||||
cert->is_ec_pubkey = 0;
|
cert->is_ec_pubkey = 0;
|
||||||
MG_VERBOSE(("pk algo: RSA"));
|
MG_VERBOSE(("pk algo: RSA"));
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user