Fix segfault

2020-06-25 23:39:26 +02:00 · 2020-06-25 23:39:26 +02:00 · a6651a21f8
parent 229c5e9563
commit a6651a21f8
3 changed files with 43 additions and 21 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -8724,9 +8724,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
        case (NID_basic_constraints):
            WOLFSSL_MSG("basicConstraints");
            /* Allocate new BASIC_CONSTRAINTS structure */
-            bc = (WOLFSSL_BASIC_CONSTRAINTS*)
-                  XMALLOC(sizeof(WOLFSSL_BASIC_CONSTRAINTS), NULL,
-                  DYNAMIC_TYPE_X509_EXT);
+            bc = wolfSSL_BASIC_CONSTRAINTS_new();
            if (bc == NULL) {
                WOLFSSL_MSG("Failed to malloc basic constraints");
                return NULL;
@ -8737,7 +8735,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
                bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen);
                if (bc->pathlen == NULL) {
                    WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
-                    XFREE(bc, NULL, DYNAMIC_TYPE_X509_EXT);
+                    wolfSSL_BASIC_CONSTRAINTS_free(bc);
                    return NULL;
                }
            }
@ -9122,6 +9120,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
    WOLFSSL_STACK* sk = NULL;
    WOLFSSL_ASN1_OBJECT* obj = NULL;
    WOLFSSL_GENERAL_NAME* gn = NULL;
+    WOLFSSL_BASIC_CONSTRAINTS* bc = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_ext_d2i");

@ -9136,27 +9135,35 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
    switch (nid) {
        case BASIC_CA_OID:
            if (x509->basicConstSet) {
-                obj = wolfSSL_ASN1_OBJECT_new();
-                if (obj == NULL) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
+                WOLFSSL_ASN1_INTEGER* a;
+
+                bc = wolfSSL_BASIC_CONSTRAINTS_new();
+                if (!bc) {
+                    WOLFSSL_MSG("wolfSSL_BASIC_CONSTRAINTS_new error");
                    return NULL;
                }
+
+                a = wolfSSL_ASN1_INTEGER_new();
+                if (!a) {
+                    WOLFSSL_MSG("wolfSSL_ASN1_INTEGER_new error");
+                    wolfSSL_BASIC_CONSTRAINTS_free(bc);
+                    return NULL;
+                }
+                a->length = x509->pathLength;
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+        defined(WOLFSSL_APACHE_HTTPD)
+                bc->ca = x509->isCa;
+#endif
+                bc->pathlen = a;
                if (c != NULL) {
                    *c = x509->basicConstCrit;
                }
-                obj->type = BASIC_CA_OID;
-                obj->grp  = oidCertExtType;
-                obj->nid  = nid;
-                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
-            #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
-                    defined(WOLFSSL_APACHE_HTTPD)
-                obj->ca = x509->isCa;
-            #endif
            }
            else {
                WOLFSSL_MSG("No Basic Constraint set");
            }
-            return obj;
+            return bc;

        case ALT_NAMES_OID:
        {
@ -27404,6 +27411,20 @@ WOLFSSL_STACK* wolfSSL_sk_new_null(void)

 #ifdef OPENSSL_EXTRA

+WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void)
+{
+    WOLFSSL_BASIC_CONSTRAINTS* bc;
+    bc = (WOLFSSL_BASIC_CONSTRAINTS*)
+          XMALLOC(sizeof(WOLFSSL_BASIC_CONSTRAINTS), NULL,
+          DYNAMIC_TYPE_X509_EXT);
+    if (bc == NULL) {
+        WOLFSSL_MSG("Failed to malloc basic constraints");
+        return NULL;
+    }
+    XMEMSET(bc, 0, sizeof(WOLFSSL_BASIC_CONSTRAINTS));
+    return bc;
+}
+
 /* frees the wolfSSL_BASIC_CONSTRAINTS object */
 void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc)
 {
--- a/tests/api.c
+++ b/tests/api.c
@ -23307,6 +23307,7 @@ static void test_wolfSSL_certs(void)
    STACK_OF(ASN1_OBJECT)* sk;
    ASN1_STRING* asn1_str;
    AUTHORITY_KEYID* akey;
+    BASIC_CONSTRAINTS* bc;
    int crit;

    printf(testingFmt, "wolfSSL_certs()");
@ -23371,16 +23372,16 @@ static void test_wolfSSL_certs(void)
    #endif /* !NO_SHA && !NO_SHA256*/

    /* test and checkout X509 extensions */
-    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
+    bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
            &crit, NULL);
-    AssertNotNull(sk);
+    AssertNotNull(bc);
 #ifdef OPENSSL_ALL
-    ext = X509V3_EXT_i2d(NID_basic_constraints, crit, sk);
+    ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
    AssertNotNull(ext);
    X509_EXTENSION_free(ext);
 #endif
    AssertIntEQ(crit, 0);
-    sk_ASN1_OBJECT_free(sk);
+    BASIC_CONSTRAINTS_free(bc);

    asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
    AssertNotNull(asn1_str);
@ -23416,7 +23417,6 @@ static void test_wolfSSL_certs(void)
    wolfSSL_AUTHORITY_KEYID_free(akey);
    X509_EXTENSION_free(ext);
 #endif
-    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
            NID_private_key_usage_period, &crit, NULL);
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@ -88,6 +88,7 @@ typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
 typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
 typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;

+WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
 WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
 WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
 WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);