Skip to content

F-5017 added checks to avoid issues where XFTELL and XFSEEK would fai… #237

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aidankeefe2022 wants to merge 1 commit into
base: main
Choose a base branch
from
+31 −2
Open

F-5017 added checks to avoid issues where XFTELL and XFSEEK would fai… #237

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 13 additions & 2 deletions src/sign-verify/clu_sign.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType,
{
int ret;
int fSz;
long fTell;
XFILE f;
byte *data = NULL;

Expand All @@ -107,8 +108,18 @@ int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType,
wolfCLU_LogError("unable to open file %s", in);
return BAD_FUNC_ARG;
}
XFSEEK(f, 0, SEEK_END);
fSz = (int)XFTELL(f);
if (XFSEEK(f, 0, SEEK_END) != 0) {
wolfCLU_LogError("Failed to seek to end of file.");
XFCLOSE(f);
return WOLFCLU_FATAL_ERROR;
}
fTell = XFTELL(f);
if (fTell <= 0 || fTell > INT_MAX) {
wolfCLU_LogError("Incorrect input file size: %ld", fTell);
XFCLOSE(f);
return WOLFCLU_FATAL_ERROR;
}
fSz = (int)fTell;

data = (byte*)XMALLOC(fSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (data == NULL) {
Expand Down
18 changes: 18 additions & 0 deletions tests/genkey_sign_ver/genkey-sign-ver-test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,24 @@ def test_ecc_sign_invalid_key_fails(self):
self.assertNotEqual(r.returncode, 0,
"ECC signing with empty key should have failed")

def test_ecc_sign_empty_input_fails(self):
"""Signing a 0-byte input file must fail gracefully (regression for
the XFSEEK/XFTELL size guards in wolfCLU_sign_data)."""
priv, _ = self._genkey("ecc", "ecc-empty-in", "der",
use_output_flag=True)
empty_in = "empty-input.txt"
empty_sig = "empty-input.sig"
self._track(empty_in, empty_sig)
open(empty_in, "wb").close()

r = run_wolfssl("-ecc", "-sign", "-inkey", priv, "-inform", "der",
"-in", empty_in, "-out", empty_sig)
self.assertNotEqual(r.returncode, 0,
"ECC signing of empty input should have failed")
self.assertGreaterEqual(r.returncode, 0,
"ECC sign of empty input crashed with signal "
"{}".format(r.returncode))

def test_ecc_sign_missing_inkey_value(self):
"""-inkey with no value must fail gracefully (no segfault)."""
r = run_wolfssl("-ecc", "-sign", "-inkey")
Expand Down
Loading