fixes for brace style, null deref, ecc curve detection, unused variables

fix for memory leak and windows build issues

sanity check on input and refactor parse cert store spec function

Author: JacobBarthelmeh

.github/workflows/windows-cert-store-test.yml

@@ -9,7 +9,7 @@ name: Windows Certificate Store Test
 
 on:
   push:
-    branches: [ '*' ]
+    branches: [ 'master', 'main', 'release/**' ]
   pull_request:
     branches: [ '*' ]
 

apps/wolfsshd/configuration.c

@@ -87,9 +87,11 @@ struct WOLFSSHD_CONFIG {
     char* authKeysFile;
     char* forceCmd;
     char* pidFile;
+#ifdef USE_WINDOWS_API
     char* winUserStores;
     char* winUserDwFlags;
     char* winUserPvPara;
+#endif /* USE_WINDOWS_API */
     WOLFSSHD_CONFIG* next; /* next config in list */
     long  loginTimer;
     word16 port;
@@ -331,9 +333,11 @@ void wolfSSHD_ConfigFree(WOLFSSHD_CONFIG* conf)
 #endif /* WOLFSSH_CERTS */
 #endif /* USE_WINDOWS_API */
         FreeString(&current->pidFile,  heap);
+#ifdef USE_WINDOWS_API
         FreeString(&current->winUserStores, heap);
         FreeString(&current->winUserDwFlags, heap);
         FreeString(&current->winUserPvPara, heap);
+#endif /* USE_WINDOWS_API */
 
         WFREE(current, heap, DYNTYPE_SSHD);
         current = next;
@@ -381,13 +385,16 @@ enum {
     OPT_BANNER                  = 23,
     OPT_TRUSTED_SYSTEM_CA_KEYS  = 24,
     OPT_TRUSTED_USER_CA_STORE   = 25,
+#ifdef USE_WINDOWS_API
     OPT_WIN_USER_STORES         = 26,
     OPT_WIN_USER_DW_FLAGS       = 27,
-    OPT_WIN_USER_PV_PARA        = 28
+    OPT_WIN_USER_PV_PARA        = 28,
+#endif /* USE_WINDOWS_API */
 };
 enum {
-    NUM_OPTIONS = 29
+    NUM_OPTIONS = 26
 #ifdef USE_WINDOWS_API
+    + 3
 #ifdef WOLFSSH_CERTS
     + 3
 #endif /* WOLFSSH_CERTS */
@@ -432,9 +439,11 @@ static const CONFIG_OPTION options[NUM_OPTIONS] = {
     {OPT_BANNER,                  "Banner"},
     {OPT_TRUSTED_SYSTEM_CA_KEYS,  "wolfSSH_TrustedSystemCAKeys"},
     {OPT_TRUSTED_USER_CA_STORE,   "wolfSSH_TrustedUserCaStore"},
+#ifdef USE_WINDOWS_API
     {OPT_WIN_USER_STORES,         "wolfSSH_WinUserStores"},
     {OPT_WIN_USER_DW_FLAGS,       "wolfSSH_WinUserDwFlags"},
-    {OPT_WIN_USER_PV_PARA,        "wolfSSH_WinUserPvPara"}
+    {OPT_WIN_USER_PV_PARA,        "wolfSSH_WinUserPvPara"},
+#endif /* USE_WINDOWS_API */
 };
 
 /* returns WS_SUCCESS on success */
@@ -1088,6 +1097,7 @@ static int HandleConfigOption(WOLFSSHD_CONFIG** conf, int opt,
         case OPT_TRUSTED_USER_CA_STORE:
             ret = wolfSSHD_ConfigSetUserCAStore(*conf, value);
             break;
+    #ifdef USE_WINDOWS_API
         case OPT_WIN_USER_STORES:
             ret = wolfSSHD_ConfigSetWinUserStores(*conf, value);
             break;
@@ -1097,6 +1107,7 @@ static int HandleConfigOption(WOLFSSHD_CONFIG** conf, int opt,
         case OPT_WIN_USER_PV_PARA:
             ret = wolfSSHD_ConfigSetWinUserPvPara(*conf, value);
             break;
+    #endif /* USE_WINDOWS_API */
     #ifdef USE_WINDOWS_API
     #ifdef WOLFSSH_CERTS
         case OPT_HOST_KEY_STORE:
@@ -1474,11 +1485,13 @@ int wolfSSHD_ConfigSetUserCAStore(WOLFSSHD_CONFIG* conf, const char* value)
     return ret;
 }
 
-char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf) {
+#ifdef USE_WINDOWS_API
+char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf)
+{
     if (conf != NULL) {
         if (conf->winUserStores == NULL) {
             /* If no value was specified, default to CERT_STORE_PROV_SYSTEM */
-            CreateString(&conf->winUserStores, "CERT_STORE_PROV_SYSTEM", 
+            CreateString(&conf->winUserStores, "CERT_STORE_PROV_SYSTEM",
                          (int)WSTRLEN("CERT_STORE_PROV_SYSTEM"), conf->heap);
         }
 
@@ -1488,24 +1501,32 @@ char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf) {
     return NULL;
 }
 
-int wolfSSHD_ConfigSetWinUserStores(WOLFSSHD_CONFIG* conf, const char* value) {
+int wolfSSHD_ConfigSetWinUserStores(WOLFSSHD_CONFIG* conf, const char* value)
+{
     int ret = WS_SUCCESS;
 
     if (conf == NULL) {
         ret = WS_BAD_ARGUMENT;
     }
 
-    ret = CreateString(&conf->winUserStores, value, (int)WSTRLEN(value), conf->heap);
+    if (ret == WS_SUCCESS) {
+        ret = CreateString(&conf->winUserStores, value,
+                (int)WSTRLEN(value), conf->heap);
+    }
 
     return ret;
 }
 
-char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf) {
+char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf)
+{
     if (conf != NULL) {
         if (conf->winUserDwFlags == NULL) {
-            /* If no value was specified, default to CERT_SYSTEM_STORE_CURRENT_USER */
-            CreateString(&conf->winUserDwFlags, "CERT_SYSTEM_STORE_CURRENT_USER", 
-                         (int)WSTRLEN("CERT_SYSTEM_STORE_CURRENT_USER"), conf->heap);
+            /* If no value was specified, default to
+             * CERT_SYSTEM_STORE_CURRENT_USER */
+            CreateString(&conf->winUserDwFlags,
+                         "CERT_SYSTEM_STORE_CURRENT_USER",
+                         (int)WSTRLEN("CERT_SYSTEM_STORE_CURRENT_USER"),
+                         conf->heap);
         }
 
         return conf->winUserDwFlags;
@@ -1514,23 +1535,29 @@ char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf) {
     return NULL;
 }
 
-int wolfSSHD_ConfigSetWinUserDwFlags(WOLFSSHD_CONFIG* conf, const char* value) {
+int wolfSSHD_ConfigSetWinUserDwFlags(WOLFSSHD_CONFIG* conf, const char* value)
+{
     int ret = WS_SUCCESS;
 
     if (conf == NULL) {
         ret = WS_BAD_ARGUMENT;
     }
 
-    ret = CreateString(&conf->winUserDwFlags, value, (int)WSTRLEN(value), conf->heap);
+    if (ret == WS_SUCCESS) {
+        ret = CreateString(&conf->winUserDwFlags, value,
+                (int)WSTRLEN(value), conf->heap);
+    }
 
     return ret;
 }
 
-char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf) {
+char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf)
+{
     if (conf != NULL) {
         if (conf->winUserPvPara == NULL) {
             /* If no value was specified, default to MY */
-            CreateString(&conf->winUserPvPara, "MY", (int)WSTRLEN("MY"), conf->heap);
+            CreateString(&conf->winUserPvPara, "MY",
+                         (int)WSTRLEN("MY"), conf->heap);
         }
 
         return conf->winUserPvPara;
@@ -1539,17 +1566,22 @@ char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf) {
     return NULL;
 }
 
-int wolfSSHD_ConfigSetWinUserPvPara(WOLFSSHD_CONFIG* conf, const char* value) {
+int wolfSSHD_ConfigSetWinUserPvPara(WOLFSSHD_CONFIG* conf, const char* value)
+{
     int ret = WS_SUCCESS;
 
     if (conf == NULL) {
         ret = WS_BAD_ARGUMENT;
     }
 
-    ret = CreateString(&conf->winUserPvPara, value, (int)WSTRLEN(value), conf->heap);
+    if (ret == WS_SUCCESS) {
+        ret = CreateString(&conf->winUserPvPara, value,
+                (int)WSTRLEN(value), conf->heap);
+    }
 
     return ret;
 }
+#endif /* USE_WINDOWS_API */
 
 char* wolfSSHD_ConfigGetUserCAKeysFile(const WOLFSSHD_CONFIG* conf)
 {

apps/wolfsshd/configuration.h

@@ -53,12 +53,14 @@ int wolfSSHD_ConfigSetSystemCA(WOLFSSHD_CONFIG* conf, const char* value);
 int wolfSSHD_ConfigGetSystemCA(const WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetUserCAStore(WOLFSSHD_CONFIG* conf, const char* value);
 int wolfSSHD_ConfigGetUserCAStore(const WOLFSSHD_CONFIG* conf);
+#ifdef USE_WINDOWS_API
 char* wolfSSHD_ConfigGetWinUserStores(WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetWinUserStores(WOLFSSHD_CONFIG* conf, const char* value);
 char* wolfSSHD_ConfigGetWinUserDwFlags(WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetWinUserDwFlags(WOLFSSHD_CONFIG* conf, const char* value);
 char* wolfSSHD_ConfigGetWinUserPvPara(WOLFSSHD_CONFIG* conf);
 int wolfSSHD_ConfigSetWinUserPvPara(WOLFSSHD_CONFIG* conf, const char* value);
+#endif /* USE_WINDOWS_API */
 int wolfSSHD_ConfigSetUserCAKeysFile(WOLFSSHD_CONFIG* conf, const char* file);
 word16 wolfSSHD_ConfigGetPort(const WOLFSSHD_CONFIG* conf);
 char* wolfSSHD_ConfigGetAuthKeysFile(const WOLFSSHD_CONFIG* conf);

apps/wolfsshd/wolfsshd.c

@@ -538,7 +538,7 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
 
         if (ret == WS_SUCCESS) {
             if (wolfSSHD_ConfigGetUserCAStore(conf)) {
-#if defined(_WIN32)
+#ifdef USE_WINDOWS_API
                 if (wolfSSL_CTX_load_windows_user_CA_certs(sslCtx,
                         wolfSSHD_ConfigGetWinUserStores(conf),
                         wolfSSHD_ConfigGetWinUserDwFlags(conf),
@@ -550,7 +550,7 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
                 wolfSSH_Log(WS_LOG_INFO,
                     "[SSHD] User CA store is only supported on Windows");
                 ret = WS_BAD_ARGUMENT;
-#endif /* _WIN32 */
+#endif /* USE_WINDOWS_API */
             }
         }
 

examples/echoserver/echoserver.c

@@ -41,12 +41,14 @@
 #include <wolfssh/internal.h>
 #include <wolfssh/wolfsftp.h>
 #include <wolfssh/agent.h>
+#include <wolfssh/certman.h>
 #include <wolfssh/port.h>
 #include <wolfssh/test.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
 #include "examples/echoserver/echoserver.h"
+#include "examples/client/common.h"
 
 #if defined(WOLFSSL_PTHREADS) && defined(WOLFSSL_TEST_GLOBAL_REQ)
     #include <pthread.h>
@@ -2958,63 +2960,22 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
 
 #if defined(USE_WINDOWS_API) && defined(WOLFSSH_CERTS)
         if (certStoreSpec != NULL) {
-            /* Load host key from Windows certificate store: store:subject:flags */
-            char* specCopy = NULL;
-            char* storeName = NULL;
-            char* subjectName = NULL;
-            char* flagsStr = NULL;
+            /* Load host key from Windows certificate store */
             wchar_t* wStoreName = NULL;
             wchar_t* wSubjectName = NULL;
-            DWORD dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
+            DWORD dwFlags = 0;
             int ret;
-            size_t specLen = WSTRLEN(certStoreSpec) + 1;
-
-            specCopy = (char*)WMALLOC(specLen, NULL, 0);
-            if (specCopy == NULL) {
-                ES_ERROR("Memory allocation failed for cert store spec\n");
-            }
-            WSTRNCPY(specCopy, certStoreSpec, specLen);
-
-            storeName = specCopy;
-            subjectName = WSTRCHR(storeName, ':');
-            if (subjectName != NULL) {
-                *subjectName++ = '\0';
-                flagsStr = WSTRCHR(subjectName, ':');
-                if (flagsStr != NULL) {
-                    *flagsStr++ = '\0';
-                    if (WSTRCMP(flagsStr, "CURRENT_USER") == 0) {
-                        dwFlags = CERT_SYSTEM_STORE_CURRENT_USER;
-                    } else if (WSTRCMP(flagsStr, "LOCAL_MACHINE") == 0) {
-                        dwFlags = CERT_SYSTEM_STORE_LOCAL_MACHINE;
-                    } else {
-                        dwFlags = (DWORD)atoi(flagsStr);
-                    }
-                }
-            }
-            if (storeName == NULL || subjectName == NULL) {
-                WFREE(specCopy, NULL, 0);
-                ES_ERROR("Invalid cert store spec. Use: store:subject:flags\n");
-            }
 
-            {
-                int wStoreNameLen = MultiByteToWideChar(CP_UTF8, 0, storeName, -1, NULL, 0);
-                int wSubjectNameLen = MultiByteToWideChar(CP_UTF8, 0, subjectName, -1, NULL, 0);
-                wStoreName = (wchar_t*)WMALLOC(wStoreNameLen * sizeof(wchar_t), NULL, 0);
-                wSubjectName = (wchar_t*)WMALLOC(wSubjectNameLen * sizeof(wchar_t), NULL, 0);
-                if (wStoreName == NULL || wSubjectName == NULL) {
-                    if (wStoreName != NULL) WFREE(wStoreName, NULL, 0);
-                    if (wSubjectName != NULL) WFREE(wSubjectName, NULL, 0);
-                    WFREE(specCopy, NULL, 0);
-                    ES_ERROR("Memory allocation failed for cert store wide strings\n");
-                }
-                MultiByteToWideChar(CP_UTF8, 0, storeName, -1, wStoreName, wStoreNameLen);
-                MultiByteToWideChar(CP_UTF8, 0, subjectName, -1, wSubjectName, wSubjectNameLen);
+            ret = wolfSSH_ParseCertStoreSpec(certStoreSpec, &wStoreName,
+                    &wSubjectName, &dwFlags, NULL);
+            if (ret != WS_SUCCESS) {
+                ES_ERROR("Invalid cert store spec. Use: store:subject:flags\n");
             }
 
-            ret = wolfSSH_CTX_UsePrivateKey_fromStore(ctx, wStoreName, dwFlags, wSubjectName);
-            WFREE(specCopy, NULL, 0);
-            WFREE(wStoreName, NULL, 0);
-            WFREE(wSubjectName, NULL, 0);
+            ret = wolfSSH_CTX_UsePrivateKey_fromStore(ctx, wStoreName,
+                    dwFlags, wSubjectName);
+            WFREE(wStoreName, NULL, DYNTYPE_TEMP);
+            WFREE(wSubjectName, NULL, DYNTYPE_TEMP);
             if (ret != WS_SUCCESS) {
                 ES_ERROR("Couldn't load host key from certificate store.\n");
             }