Skip to content

examples/client: add cert-name length bounds check in ParseRFC6187#1052

Open
yosuke-wolfssl wants to merge 1 commit into
wolfSSL:masterfrom
yosuke-wolfssl:fix/f_6267
Open

examples/client: add cert-name length bounds check in ParseRFC6187#1052
yosuke-wolfssl wants to merge 1 commit into
wolfSSL:masterfrom
yosuke-wolfssl:fix/f_6267

Conversation

@yosuke-wolfssl

@yosuke-wolfssl yosuke-wolfssl commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Summary

ParseRFC6187 in examples/client/common.c read the peer-supplied RFC6187 name length l with ato32() and then advanced m += l + sizeof(word32) without validating l against inSz. Because l is attacker-controlled (the leading length field of the SSH host-key blob), a value larger than inSz pushed m past inSz. The subsequent inSz - m unsigned subtraction then underflowed to a large value, so the < sizeof(word32) bounds test passed and ato32(in + m, &count) read past the end of the pubKey buffer.

This adds the same bounds check the sibling apps/wolfssh/common.c copy already has, restoring parity between the two implementations.

Addressed by f_6267.

Changes

  • examples/client/common.c: in ParseRFC6187, reject l > inSz - sizeof(word32) with WS_BUFFER_E immediately after reading l, before computing m.
/* Skip the name */
ato32(in, &l);
if (l > inSz - sizeof(word32))
    return WS_BUFFER_E;

m += l + sizeof(word32);

Why it is correct

  • The earlier inSz < sizeof(word32) check guarantees inSz - sizeof(word32) cannot underflow.
  • Rejecting oversized l keeps m <= inSz, so the later inSz - m subtractions stay in range and the existing bounds tests work as intended.

@yosuke-wolfssl yosuke-wolfssl self-assigned this Jun 23, 2026
Copilot AI review requested due to automatic review settings June 23, 2026 04:54
Copilot AI reviewed Jun 23, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request hardens the examples/client RFC6187 parsing logic by adding a missing length bounds check in ParseRFC6187, preventing out-of-bounds reads when handling attacker-controlled certificate name lengths in SSH host-key blobs. This brings the examples/client/common.c implementation back in sync with the existing guarded version in apps/wolfssh/common.c.

Changes:

  • Add a post-ato32() bounds check for the peer-supplied RFC6187 name length l before advancing the parse offset m.
  • Return WS_BUFFER_E immediately on oversized l to avoid unsigned underflow in later inSz - m checks.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Jun 23, 2026
View reviewed changes

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1052

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@yosuke-wolfssl @wolfSSL-Fenrir-bot @wolfSSL-Bot