Skip to content

F 569 : Fix stack buffer overflow in encryption setup#212

Merged
dgarske merged 7 commits intowolfSSL:mainfrom
miyazakh:f-569_stackbuffer_overflow
Apr 13, 2026
Merged

F 569 : Fix stack buffer overflow in encryption setup#212
dgarske merged 7 commits intowolfSSL:mainfrom
miyazakh:f-569_stackbuffer_overflow

Conversation

@miyazakh
Copy link
Copy Markdown
Contributor

@miyazakh miyazakh commented Mar 26, 2026
edited
Loading

Fix stack buffer overflow via unbounded scanf in encryption setup
Add test coverage

Depends on: #211 (Merged)
Depends on: #219

@miyazakh miyazakh self-assigned this Mar 26, 2026
Copilot AI review requested due to automatic review settings March 26, 2026 22:06
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a stack buffer overflow in the encryption CLI setup by replacing unbounded scanf("%s", ...) reads with bounded fgets() reads, and adds regression tests to validate stdin-driven input/output filename paths.

Changes:

  • Replace unbounded scanf with bounded fgets for -in / -out prompts in encryption setup.
  • Add regression tests that supply input/output filenames via stdin (including a non-EVP path probe).
  • Expand an OCSP interop test’s expected error-message matching.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

File Description
tests/ocsp/ocsp-interop-test.sh Broadens grep pattern to recognize more “missing file” error variants.
tests/encrypt/enc-test.sh Adds stdin-based regression tests covering the new fgets() input handling.
src/x509/clu_x509_sign.c Minor formatting cleanup + extends hash-type switch cases under a version gate.
src/crypto/clu_crypto_setup.c Replaces unsafe scanf("%s") reads with fgets() and newline trimming.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings March 27, 2026 00:12
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@miyazakh miyazakh force-pushed the f-569_stackbuffer_overflow branch from 9b1c8c5 to 2a009f1 Compare April 7, 2026 21:02
@miyazakh miyazakh marked this pull request as ready for review April 7, 2026 21:10
Copilot AI review requested due to automatic review settings April 7, 2026 21:10
Copilot AI reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@miyazakh miyazakh force-pushed the f-569_stackbuffer_overflow branch from 2a009f1 to 36e3285 Compare April 9, 2026 00:18
@miyazakh miyazakh assigned wolfSSL-Bot and unassigned miyazakh Apr 9, 2026
dgarske
dgarske reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐺 Skoll Code Review

Overall recommendation: APPROVE
Findings: 3 total — 3 posted, 0 skipped

Posted findings

  • [Medium] Significant code duplication across three fgets+validation blockssrc/crypto/clu_crypto_setup.c:346-490
  • [Medium] No test coverage for the 'input too long' fgets truncation pathtests/encrypt/enc-test.sh:188-275
  • [Low] Minor: in = inName assignment after the while loop is now redundantsrc/crypto/clu_crypto_setup.c:376

Review generated by Skoll via openclaw

Copilot AI review requested due to automatic review settings April 10, 2026 20:32
@miyazakh miyazakh force-pushed the f-569_stackbuffer_overflow branch from 36e3285 to 6f2525c Compare April 10, 2026 20:32
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@miyazakh miyazakh removed their assignment Apr 12, 2026
@dgarske dgarske merged commit ec1c1e5 into wolfSSL:main Apr 13, 2026
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dgarske dgarske dgarske approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@miyazakh @dgarske @wolfSSL-Bot