From 96c1a567f0cd1b0e537126de38d7defe7d16fb15 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 1 Aug 2018 19:16:42 +0900 Subject: [PATCH 1/3] #4169: CBIO set flag to escape from overwritten in SSL_set_bio --- src/internal.c | 1 + src/ssl.c | 12 ++++++++++-- src/wolfio.c | 6 ++++++ wolfssl/internal.h | 13 ++++++++++++- 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index 521921c29..38017ee06 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1382,6 +1382,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) #endif #ifdef OPENSSL_EXTRA ctx->verifyDepth = MAX_CHAIN_DEPTH; + ctx->cbioFlag = WOLFSSL_CBIO_NONE; #endif #ifndef WOLFSSL_USER_IO diff --git a/src/ssl.c b/src/ssl.c index 3b094d083..a85c40240 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11060,10 +11060,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->biowr = wr; /* set SSL to use BIO callbacks instead */ - if (rd != NULL && rd->type != WOLFSSL_BIO_SOCKET) { + if ( + #ifdef OPENSSL_EXTRA + ((ssl->cbioFlag & WOLFSSL_CBIO_RECV) != 0) && + #endif + (rd != NULL && rd->type != WOLFSSL_BIO_SOCKET)) { ssl->CBIORecv = BioReceive; } - if (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET) { + if ( + #ifdef OPENSSL_EXTRA + ((ssl->cbioFlag & WOLFSSL_CBIO_SEND) != 0) && + #endif + (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) { ssl->CBIOSend = BioSend; } } diff --git a/src/wolfio.c b/src/wolfio.c index 4b82475d2..e9b1f6429 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1433,12 +1433,18 @@ int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz) WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv) { ctx->CBIORecv = CBIORecv; + #ifdef OPENSSL_EXTRA + ctx->cbioFlag |= WOLFSSL_CBIO_RECV; + #endif } WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend) { ctx->CBIOSend = CBIOSend; + #ifdef OPENSSL_EXTRA + ctx->cbioFlag |= WOLFSSL_CBIO_SEND; + #endif } 
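Review bot: In the src/wolfio.c hunk both setters raise the flag unconditionally, so `wolfSSL_CTX_SetIORecv(ctx, NULL)` marks the receive callback as user-set although nothing is installed, and once set the bit is never cleared. With the flag test this series ends up with in src/ssl.c, a session created from such a context would presumably keep a NULL CBIORecv instead of getting BioReceive. Consider setting the bit only for a non-NULL callback and clearing it otherwise, e.g. `if (CBIORecv != NULL) ctx->cbioFlag |= WOLFSSL_CBIO_RECV; else ctx->cbioFlag &= (byte)~WOLFSSL_CBIO_RECV;`, and the same for SEND. Only these two context-level setters touch the flag, so any code that assigns `ssl->CBIORecv` or `ssl->CBIOSend` directly on a session (not visible here) would still be overwritten when BIOs are attached.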
diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f437714f5..74a547669 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2409,6 +2409,14 @@ enum KeyUpdateRequest { #endif /* WOLFSSL_TLS13 */ +#ifdef OPENSSL_EXTRA +enum SetCBIO { + WOLFSSL_CBIO_NONE = 0, + WOLFSSL_CBIO_RECV = 0x1, + WOLFSSL_CBIO_SEND = 0x2, +}; +#endif + /* wolfSSL context type */ struct WOLFSSL_CTX { WOLFSSL_METHOD* method; @@ -2502,6 +2510,7 @@ struct WOLFSSL_CTX { const unsigned char *alpn_cli_protos;/* ALPN client protocol list */ unsigned int alpn_cli_protos_len; byte sessionCtxSz; + byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ CallbackInfoState* CBIS; /* used to get info about SSL state */ #endif CallbackIORecv CBIORecv; @@ -2645,7 +2654,6 @@ struct WOLFSSL_CTX { #endif }; - WOLFSSL_LOCAL WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); WOLFSSL_LOCAL @@ -3536,6 +3544,9 @@ struct WOLFSSL { WriteDup* dupWrite; /* valid pointer indicates ON */ /* side that decrements dupCount to zero frees overall structure */ byte dupSide; /* write side or read side */ +#endif +#ifdef OPENSSL_EXTRA + byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ #endif CallbackIORecv CBIORecv; CallbackIOSend CBIOSend; From 98f6ae16ca6a918fe6d5652841f7c4e9421a058d Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Thu, 2 Aug 2018 04:48:39 +0900 Subject: [PATCH 2/3] copy cbioFlag from ctx to ssl --- src/internal.c | 1 + src/ssl.c | 10 ++-------- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/src/internal.c b/src/internal.c index 38017ee06..f26a65270 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4625,6 +4625,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) /* copy over application session context ID */ ssl->sessionCtxSz = ctx->sessionCtxSz; XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz); + ssl->cbioFlag = ctx->cbioFlag; #endif InitCiphers(ssl); 
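Review bot: The last enumerator of the new `enum SetCBIO` in wolfssl/internal.h ends with a trailing comma (`WOLFSSL_CBIO_SEND = 0x2,`), which strict C89/C90 compilers warn about or reject. If this header has to build with such toolchains, write `WOLFSSL_CBIO_SEND = 0x2` without the comma. The enum also deserves a short comment such as `/* bit set: application installed this I/O callback itself; attaching BIOs must not overwrite it */`, because the field comments only say "CBIORecv/Send is set" and do not state the consequence.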
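Review bot: `ssl->cbioFlag` is declared in struct WOLFSSL only under `#ifdef OPENSSL_EXTRA` (PATCH 1/3, wolfssl/internal.h), but the copy added to InitSSL in PATCH 2/3 sits in a block whose opening `#if` is outside the hunk, and the PATCH 2/3 src/ssl.c hunk removes the `#ifdef OPENSSL_EXTRA` guards around the flag tests. If either site is compiled in a configuration without OPENSSL_EXTRA, the build breaks on the missing member and enum, so please confirm both are enclosed by exactly that macro, or keep the guard. The flag is also a snapshot taken at InitSSL, so a callback registered on the context after the session was created does not protect that session; a one-line comment such as `/* snapshot: later CTX setter calls do not affect this ssl */` would make that explicit.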
diff --git a/src/ssl.c b/src/ssl.c index a85c40240..a725689b6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11060,17 +11060,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->biowr = wr; /* set SSL to use BIO callbacks instead */ - if ( - #ifdef OPENSSL_EXTRA - ((ssl->cbioFlag & WOLFSSL_CBIO_RECV) != 0) && - #endif + if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) != 0) && (rd != NULL && rd->type != WOLFSSL_BIO_SOCKET)) { ssl->CBIORecv = BioReceive; } - if ( - #ifdef OPENSSL_EXTRA - ((ssl->cbioFlag & WOLFSSL_CBIO_SEND) != 0) && - #endif + if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) != 0) && (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) { ssl->CBIOSend = BioSend; } From fd75f35801ce67ab11ff24f6d221764269844f63 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Thu, 2 Aug 2018 10:18:09 +0900 Subject: [PATCH 3/3] fix cbioFlag check --- src/ssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index a725689b6..758a439ea 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11060,11 +11060,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->biowr = wr; /* set SSL to use BIO callbacks instead */ - if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) != 0) && + if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0) && (rd != NULL && rd->type != WOLFSSL_BIO_SOCKET)) { ssl->CBIORecv = BioReceive; } - if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) != 0) && + if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0) && (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) { ssl->CBIOSend = BioSend; }
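Review bot: The comment `/* set SSL to use BIO callbacks instead */` above the two conditions in the PATCH 3/3 src/ssl.c hunk no longer states the rule the code enforces: with the `== 0` tests, BioReceive and BioSend are installed only when the application has not registered its own callback on the context. The BIOs are still stored in `ssl->biord` and `ssl->biowr` in that case, so a caller expecting OpenSSL-style SSL_set_bio behaviour keeps using the custom callback with no indication; I would say so in the comment, e.g. `/* use the BIO callbacks unless the application installed its own CBIORecv/CBIOSend (cbioFlag) */`. Each direction is decided independently, so a session can end up with a user receive callback combined with BioSend, and a test covering that mixed case and the both-set case would be worth adding, given that PATCH 1/3 shipped the test inverted. The enclosing function starts and ends outside the hunk.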