mirror/mongoose
1
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2025-06-07 17:42:30 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

avoid ASAN reporting read overflows

Browse Source
This commit is contained in:
Sergio R. Caprile 2025-06-05 15:26:28 -03:00
parent 50e15e574f
commit d6fdfe5b1b
2 changed files with 42 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
mongoose.c
View File

@ -11879,22 +11879,25 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
// Signature algorithm OID mapping
if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", algo.len) == 0) {
if (algo.len == 8 &&
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", 8) == 0) {
MG_VERBOSE(("sig algo: ECDSA with SHA256"));
mg_sha256(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 32;
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B",
algo.len) == 0) {
} else if (algo.len == 9 &&
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B", 9) ==
0) {
MG_VERBOSE(("sig algo: RSA with SHA256"));
mg_sha256(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 32;
} else if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", algo.len) ==
0) {
} else if (algo.len == 8 &&
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", 8) == 0) {
MG_VERBOSE(("sig algo: ECDSA with SHA384"));
mg_sha384(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 48;
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C",
algo.len) == 0) {
} else if (algo.len == 9 &&
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C", 9) ==
0) {
MG_VERBOSE(("sig algo: RSA with SHA384"));
mg_sha384(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 48;
@ -11915,7 +11918,7 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
struct mg_der_tlv before, after;
mg_der_next(&field, &before);
mg_der_next(&field, &after);
if (memcmp(after.value, "250101000000Z", after.len) < 0) {
if (after.len == 13 && memcmp(after.value, "250101000000Z", 13) < 0) {
MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
before.len, before.value, mg_print_hex, after.len,
after.value));
@ -11935,20 +11938,22 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
// public key algorithm
MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07",
pki_algo.len) == 0) {
if (pki_algo.len == 8 &&
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07", 8) == 0) {
cert->is_ec_pubkey = 1;
MG_VERBOSE(("pk algo: ECDSA secp256r1"));
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08",
pki_algo.len) == 0) {
} else if (pki_algo.len == 8 &&
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08", 8) ==
0) {
cert->is_ec_pubkey = 1;
MG_VERBOSE(("pk algo: ECDSA secp384r1"));
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01",
pki_algo.len) == 0) {
} else if (pki_algo.len == 7 &&
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01", 7) == 0) {
cert->is_ec_pubkey = 1;
MG_VERBOSE(("pk algo: EC public key"));
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
pki_algo.len) == 0) {
} else if (pki_algo.len == 9 &&
memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
9) == 0) {
cert->is_ec_pubkey = 0;
MG_VERBOSE(("pk algo: RSA"));
} else {

37
src/tls_builtin.c
View File

@ -1044,22 +1044,25 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
MG_VERBOSE(("sig algo (oid): %M", mg_print_hex, algo.len, algo.value));
// Signature algorithm OID mapping
if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", algo.len) == 0) {
if (algo.len == 8 &&
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x02", 8) == 0) {
MG_VERBOSE(("sig algo: ECDSA with SHA256"));
mg_sha256(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 32;
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B",
algo.len) == 0) {
} else if (algo.len == 9 &&
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B", 9) ==
0) {
MG_VERBOSE(("sig algo: RSA with SHA256"));
mg_sha256(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 32;
} else if (memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", algo.len) ==
0) {
} else if (algo.len == 8 &&
memcmp(algo.value, "\x2A\x86\x48\xCE\x3D\x04\x03\x03", 8) == 0) {
MG_VERBOSE(("sig algo: ECDSA with SHA384"));
mg_sha384(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 48;
} else if (memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C",
algo.len) == 0) {
} else if (algo.len == 9 &&
memcmp(algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C", 9) ==
0) {
MG_VERBOSE(("sig algo: RSA with SHA384"));
mg_sha384(cert->tbshash, tbs, tbssz);
cert->tbshashsz = 48;
@ -1080,7 +1083,7 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
struct mg_der_tlv before, after;
mg_der_next(&field, &before);
mg_der_next(&field, &after);
if (memcmp(after.value, "250101000000Z", after.len) < 0) {
if (after.len == 13 && memcmp(after.value, "250101000000Z", 13) < 0) {
MG_ERROR(("invalid validity dates: before=%M after=%M", mg_print_hex,
before.len, before.value, mg_print_hex, after.len,
after.value));
@ -1100,20 +1103,22 @@ static int mg_tls_parse_cert_der(void *buf, size_t dersz,
// public key algorithm
MG_VERBOSE(("pk algo (oid): %M", mg_print_hex, pki_algo.len, pki_algo.value));
if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07",
pki_algo.len) == 0) {
if (pki_algo.len == 8 &&
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x07", 8) == 0) {
cert->is_ec_pubkey = 1;
MG_VERBOSE(("pk algo: ECDSA secp256r1"));
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08",
pki_algo.len) == 0) {
} else if (pki_algo.len == 8 &&
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x03\x01\x08", 8) ==
0) {
cert->is_ec_pubkey = 1;
MG_VERBOSE(("pk algo: ECDSA secp384r1"));
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01",
pki_algo.len) == 0) {
} else if (pki_algo.len == 7 &&
memcmp(pki_algo.value, "\x2A\x86\x48\xCE\x3D\x02\x01", 7) == 0) {
cert->is_ec_pubkey = 1;
MG_VERBOSE(("pk algo: EC public key"));
} else if (memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
pki_algo.len) == 0) {
} else if (pki_algo.len == 9 &&
memcmp(pki_algo.value, "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01",
9) == 0) {
cert->is_ec_pubkey = 0;
MG_VERBOSE(("pk algo: RSA"));
} else {