Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1

2025-01-09 15:45:37 +00:00 · 2018-05-23 17:58:10 +01:00 · 2018-05-23 17:58:10 +01:00 · a8002f8f39
parent 7350ab18df 13188782a0
commit a8002f8f39
4 changed files with 20 additions and 5 deletions
--- a/3
+++ b/3
@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Bugfix

   * Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552.
+   * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
+     configure the maximum length of a file path that can be buffered when
+     calling mbedtls_x509_crt_parse_path().

 = mbed TLS 2.1.12 branch released 2018-04-30

--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -2492,6 +2492,7 @@

 /* X509 options */
 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */

 /**
 * Allow SHA-1 in the default TLS configuration for certificate signing.
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@ -120,6 +120,10 @@ mbedtls_x509_crt_profile;
 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15

+#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
+#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
+#endif
+
 /**
 * Container for writing a certificate (CRT)
 */
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -1169,9 +1169,10 @@ cleanup:
    FindClose( hFind );
 #else /* _WIN32 */
    int t_ret;
+    int snp_ret;
    struct stat sb;
    struct dirent *entry;
-    char entry_name[255];
+    char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
    DIR *dir = opendir( path );

    if( dir == NULL )
@ -1187,11 +1188,16 @@ cleanup:

    while( ( entry = readdir( dir ) ) != NULL )
    {
-        mbedtls_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
+        snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
+                                    "%s/%s", path, entry->d_name );

-        if( stat( entry_name, &sb ) == -1 )
+        if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
+        {
+            ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+            goto cleanup;
+        }
+        else if( stat( entry_name, &sb ) == -1 )
        {
-            closedir( dir );
            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
            goto cleanup;
        }
@ -1207,9 +1213,10 @@ cleanup:
        else
            ret += t_ret;
    }
-    closedir( dir );

 cleanup:
+    closedir( dir );
+
 #if defined(MBEDTLS_THREADING_C)
    if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
        ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;