
Commit a03038d

committed
Make sure large buffers are on the heap with SMALL_STACK
1 parent fb64844 commit a03038d


17 files changed

+351
-172
lines changed


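--- a/src/conf.c
+++ b/src/conf.c
@@ -149,8 +149,8 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
 {
 const WOLF_STACK_OF(WOLFSSL_STRING)* data;
 long totalLen = 0;
-char buf[512]; /* Should be more than enough for a single row */
-char* bufEnd = buf + sizeof(buf);
+WC_DECLARE_VAR(buf, char, 512, NULL); /* enough for a single row */
+char* bufEnd;
 int i;
 
 WOLFSSL_ENTER("wolfSSL_TXT_DB_write");
@@ -160,6 +160,10 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
 return WOLFSSL_FAILURE;
 }
 
+WC_ALLOC_VAR_EX(buf, char, 512, NULL, DYNAMIC_TYPE_TMP_BUFFER,
+return WOLFSSL_FAILURE);
+bufEnd = buf + 512;
+
 data = db->data;
 while (data) {
 char** fields = (char**)data->data.string;
@@ -168,6 +172,7 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
 
 if (!fields) {
 WOLFSSL_MSG("Missing row");
+WC_FREE_VAR_EX(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_FAILURE;
 }
 
@@ -186,6 +191,7 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
 }
 else {
 WOLFSSL_MSG("Data row is too big");
+WC_FREE_VAR_EX(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_FAILURE;
 }
 }
@@ -194,24 +200,29 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
 }
 else {
 WOLFSSL_MSG("Data row is too big");
+WC_FREE_VAR_EX(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_FAILURE;
 }
 }
 if (idx > buf)
 idx[-1] = '\n';
-else
+else {
+WC_FREE_VAR_EX(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_FAILURE;
+}
 sz = (int)(idx - buf);
 
 if (wolfSSL_BIO_write(out, buf, sz) != sz) {
 WOLFSSL_MSG("wolfSSL_BIO_write error");
+WC_FREE_VAR_EX(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_FAILURE;
 }
 totalLen += sz;
 
 data = data->next;
 }
 
+WC_FREE_VAR_EX(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return totalLen;
 }
 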
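Review bot: The row-buffer size 512 is now spelled out three times in wolfSSL_TXT_DB_write (`WC_DECLARE_VAR`, `WC_ALLOC_VAR_EX` and `bufEnd = buf + 512;`), where the old code derived the end pointer from `sizeof(buf)`. The "Data row is too big" checks, whose conditions lie between the hunks, presumably bound their writes with bufEnd, so a later edit that changes one literal but not the others would turn them into an out-of-bounds write. One named constant used in all three places, for example `enum { TXT_DB_ROW_SZ = 512 };` (the name is only a suggestion), keeps them in step. The six separate `WC_FREE_VAR_EX` calls could also be folded into a single cleanup exit, so that a return added later cannot leak buf.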
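--- a/src/dtls.c
+++ b/src/dtls.c
@@ -212,46 +212,50 @@ static int CreateDtls12Cookie(const WOLFSSL* ssl, const WolfSSL_CH* ch,
 byte* cookie)
 {
 int ret;
-Hmac cookieHmac;
+WC_DECLARE_VAR(cookieHmac, Hmac, 1, ssl->heap);
 
 if (ssl->buffers.dtlsCookieSecret.buffer == NULL ||
 ssl->buffers.dtlsCookieSecret.length == 0) {
 WOLFSSL_MSG("Missing DTLS 1.2 cookie secret");
 return COOKIE_ERROR;
 }
 
-ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
+WC_ALLOC_VAR_EX(cookieHmac, Hmac, 1, ssl->heap, DYNAMIC_TYPE_HMAC,
+return MEMORY_E);
+
+ret = wc_HmacInit(cookieHmac, ssl->heap, ssl->devId);
 if (ret == 0) {
-ret = wc_HmacSetKey(&cookieHmac, DTLS_COOKIE_TYPE,
+ret = wc_HmacSetKey(cookieHmac, DTLS_COOKIE_TYPE,
 ssl->buffers.dtlsCookieSecret.buffer,
 ssl->buffers.dtlsCookieSecret.length);
 if (ret == 0) {
 /* peerLock not necessary. Still in handshake phase. */
-ret = wc_HmacUpdate(&cookieHmac,
+ret = wc_HmacUpdate(cookieHmac,
 (const byte*)ssl->buffers.dtlsCtx.peer.sa,
 ssl->buffers.dtlsCtx.peer.sz);
 }
 if (ret == 0)
-ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->pv, OPAQUE16_LEN);
+ret = wc_HmacUpdate(cookieHmac, (byte*)ch->pv, OPAQUE16_LEN);
 if (ret == 0)
-ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->random, RAN_LEN);
+ret = wc_HmacUpdate(cookieHmac, (byte*)ch->random, RAN_LEN);
 if (ret == 0) {
-ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->sessionId.elements,
+ret = wc_HmacUpdate(cookieHmac, (byte*)ch->sessionId.elements,
 ch->sessionId.size);
 }
 if (ret == 0) {
-ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->cipherSuite.elements,
+ret = wc_HmacUpdate(cookieHmac, (byte*)ch->cipherSuite.elements,
 ch->cipherSuite.size);
 }
 if (ret == 0) {
-ret = wc_HmacUpdate(&cookieHmac, (byte*)ch->compression.elements,
+ret = wc_HmacUpdate(cookieHmac, (byte*)ch->compression.elements,
 ch->compression.size);
 }
 if (ret == 0)
-ret = wc_HmacFinal(&cookieHmac, cookie);
-wc_HmacFree(&cookieHmac);
+ret = wc_HmacFinal(cookieHmac, cookie);
+wc_HmacFree(cookieHmac);
 }
 
+WC_FREE_VAR_EX(cookieHmac, ssl->heap, DYNAMIC_TYPE_HMAC);
 return ret;
 }
 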
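Review bot: With the Hmac context moved off the stack, the state keyed from `dtlsCookieSecret` is handed back to the allocator by `WC_FREE_VAR_EX` at the end of CreateDtls12Cookie, and nothing in the hunk shows it being cleared first. If `wc_HmacFree` does not already zero the structure, add `ForceZero(cookieHmac, sizeof(Hmac));` just before the `WC_FREE_VAR_EX` line so the keyed state does not linger in freed heap memory. The function can now return `MEMORY_E` as well as `COOKIE_ERROR`; any comment describing its return values, which would sit outside the hunk, should mention that.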
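--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -489,29 +489,33 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz,
 /* msg_type(1) + length (3) */
 byte header[OPAQUE32_LEN];
 int ret;
-wc_HashAlg hashCtx;
+WC_DECLARE_VAR(hashCtx, wc_HashAlg, 1, ssl->heap);
 int type = wolfSSL_GetHmacType_ex(specs);
 
 if (type < 0)
 return type;
 
+WC_ALLOC_VAR_EX(hashCtx, wc_HashAlg, 1, ssl->heap, DYNAMIC_TYPE_HASHES,
+return MEMORY_E);
+
 header[0] = (byte)client_hello;
 c32to24(length, header + 1);
 
-ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId);
+ret = wc_HashInit_ex(hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId);
 if (ret == 0) {
-ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN);
+ret = wc_HashUpdate(hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN);
 if (ret == 0)
-ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length);
+ret = wc_HashUpdate(hashCtx, (enum wc_HashType)type, body, length);
 if (ret == 0)
-ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash);
+ret = wc_HashFinal(hashCtx, (enum wc_HashType)type, hash);
 if (ret == 0) {
 *hashSz = wc_HashGetDigestSize((enum wc_HashType)type);
 if (*hashSz < 0)
 ret = *hashSz;
 }
-wc_HashFree(&hashCtx, (enum wc_HashType)type);
+wc_HashFree(hashCtx, (enum wc_HashType)type);
 }
+WC_FREE_VAR_EX(hashCtx, ssl->heap, DYNAMIC_TYPE_HASHES);
 return ret;
 }
 
@@ -2131,8 +2135,10 @@ static const byte snLabel[SN_LABEL_SZ + 1] = "sn";
 */
 int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision)
 {
-byte key_dig[MAX_PRF_DIG];
 int ret = 0;
+WC_DECLARE_VAR(key_dig, byte, MAX_PRF_DIG, ssl->heap);
+WC_ALLOC_VAR_EX(key_dig, byte, MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST,
+return MEMORY_E);
 
 if (provision & PROVISION_CLIENT) {
 WOLFSSL_MSG("Derive SN Client key");
@@ -2159,8 +2165,9 @@ int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision)
 end:
 ForceZero(key_dig, MAX_PRF_DIG);
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-wc_MemZero_Check(key_dig, sizeof(key_dig));
+wc_MemZero_Check(key_dig, MAX_PRF_DIG);
 #endif
+WC_FREE_VAR_EX(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
 return ret;
 }
 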
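Review bot: In Dtls13DeriveSnKeys the scrub and release of key_dig (`ForceZero` followed by `WC_FREE_VAR_EX`) happen only at the `end:` label, and the body between the two hunks is not shown. Any direct `return` in that stretch would now leak the heap buffer in a SMALL_STACK build and skip the zeroing of derived key material, so every exit there should be `goto end;`. A short comment above the allocation would help the next editor: `/* key_dig may be heap-allocated; leave only through 'end' so it is zeroed and freed */`.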
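--- a/src/ssl.c
+++ b/src/ssl.c
@@ -18581,55 +18581,71 @@ static int SetStaticEphemeralKey(WOLFSSL_CTX* ctx,
 #ifdef HAVE_ECC
 if (keyAlgo == WC_PK_TYPE_NONE) {
 word32 idx = 0;
-ecc_key eccKey;
-ret = wc_ecc_init_ex(&eccKey, heap, INVALID_DEVID);
+WC_DECLARE_VAR(eccKey, ecc_key, 1, heap);
+WC_ALLOC_VAR_EX(eccKey, ecc_key, 1, heap, DYNAMIC_TYPE_ECC,
+ret = MEMORY_E);
+if (ret == 0)
+ret = wc_ecc_init_ex(eccKey, heap, INVALID_DEVID);
 if (ret == 0) {
-ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &eccKey, keySz);
+ret = wc_EccPrivateKeyDecode(keyBuf, &idx, eccKey, keySz);
 if (ret == 0)
 keyAlgo = WC_PK_TYPE_ECDH;
-wc_ecc_free(&eccKey);
+wc_ecc_free(eccKey);
 }
+WC_FREE_VAR_EX(eccKey, heap, DYNAMIC_TYPE_ECC);
 }
 #endif
 #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
 if (keyAlgo == WC_PK_TYPE_NONE) {
 word32 idx = 0;
-DhKey dhKey;
-ret = wc_InitDhKey_ex(&dhKey, heap, INVALID_DEVID);
+WC_DECLARE_VAR(dhKey, DhKey, 1, heap);
+WC_ALLOC_VAR_EX(dhKey, DhKey, 1, heap, DYNAMIC_TYPE_DH,
+ret = MEMORY_E);
+if (ret == 0)
+ret = wc_InitDhKey_ex(dhKey, heap, INVALID_DEVID);
 if (ret == 0) {
-ret = wc_DhKeyDecode(keyBuf, &idx, &dhKey, keySz);
+ret = wc_DhKeyDecode(keyBuf, &idx, dhKey, keySz);
 if (ret == 0)
 keyAlgo = WC_PK_TYPE_DH;
-wc_FreeDhKey(&dhKey);
+wc_FreeDhKey(dhKey);
 }
+WC_FREE_VAR_EX(dhKey, heap, DYNAMIC_TYPE_DH);
 }
 #endif
 #ifdef HAVE_CURVE25519
 if (keyAlgo == WC_PK_TYPE_NONE) {
 word32 idx = 0;
-curve25519_key x25519Key;
-ret = wc_curve25519_init_ex(&x25519Key, heap, INVALID_DEVID);
+WC_DECLARE_VAR(x25519Key, curve25519_key, 1, heap);
+WC_ALLOC_VAR_EX(x25519Key, curve25519_key, 1, heap,
+DYNAMIC_TYPE_CURVE25519, ret = MEMORY_E);
+if (ret == 0)
+ret = wc_curve25519_init_ex(x25519Key, heap, INVALID_DEVID);
 if (ret == 0) {
 ret = wc_Curve25519PrivateKeyDecode(keyBuf, &idx,
-&x25519Key, keySz);
+x25519Key, keySz);
 if (ret == 0)
 keyAlgo = WC_PK_TYPE_CURVE25519;
-wc_curve25519_free(&x25519Key);
+wc_curve25519_free(x25519Key);
 }
+WC_FREE_VAR_EX(x25519Key, heap, DYNAMIC_TYPE_CURVE25519);
 }
 #endif
 #ifdef HAVE_CURVE448
 if (keyAlgo == WC_PK_TYPE_NONE) {
 word32 idx = 0;
-curve448_key x448Key;
-ret = wc_curve448_init(&x448Key);
+WC_DECLARE_VAR(x448Key, curve448_key, 1, heap);
+WC_ALLOC_VAR_EX(x448Key, curve448_key, 1, heap,
+DYNAMIC_TYPE_CURVE448, ret = MEMORY_E);
+if (ret == 0)
+ret = wc_curve448_init(x448Key);
 if (ret == 0) {
-ret = wc_Curve448PrivateKeyDecode(keyBuf, &idx, &x448Key,
+ret = wc_Curve448PrivateKeyDecode(keyBuf, &idx, x448Key,
 keySz);
 if (ret == 0)
 keyAlgo = WC_PK_TYPE_CURVE448;
-wc_curve448_free(&x448Key);
+wc_curve448_free(x448Key);
 }
+WC_FREE_VAR_EX(x448Key, heap, DYNAMIC_TYPE_CURVE448);
 }
 #endif
 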
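Review bot: The new `if (ret == 0)` guard in front of each init call changes the key-type probing in SetStaticEphemeralKey: the old code overwrote `ret` with the init result in every block, while the new code keeps a non-zero `ret` left by a failed decode. As far as the hunk shows, once `wc_EccPrivateKeyDecode` fails, the DH, Curve25519 and Curve448 blocks are still entered (keyAlgo remains `WC_PK_TYPE_NONE`) but skip both init and decode, so a non-ECC key would never be recognised. Resetting the status at the top of each probe, `ret = 0;` placed between `WC_DECLARE_VAR` and `WC_ALLOC_VAR_EX`, restores the earlier behaviour and keeps the `MEMORY_E` path. The function starts and ends outside the hunk, so check whether `ret` is cleared somewhere not shown here.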