Merge pull request #3945 from paul-elliott-arm/fix_pem_write_2_7

Backport 2.7: Add tests for buffer corruption after PEM write
This commit is contained in:
Gilles Peskine 2020-12-08 12:31:52 +01:00 committed by GitHub
commit dcba585f54
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 6 deletions

View file

@ -510,6 +510,9 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
*p++ = '\0';
*olen = p - buf;
/* Clean any remaining data previously written to the buffer */
memset( buf + *olen, 0, buf_len - *olen );
mbedtls_free( encode_buf );
return( 0 );
}

View file

@ -17,7 +17,7 @@ void pk_write_pubkey_check( char *key_file )
unsigned char check_buf[5000];
int ret;
FILE *f;
size_t ilen;
size_t ilen, pem_len, buf_index;
memset( buf, 0, sizeof( buf ) );
memset( check_buf, 0, sizeof( check_buf ) );
@ -28,12 +28,20 @@ void pk_write_pubkey_check( char *key_file )
ret = mbedtls_pk_write_pubkey_pem( &key, buf, sizeof( buf ));
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
// check that the rest of the buffer remains clear
for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
{
TEST_ASSERT( buf[buf_index] == 0 );
}
f = fopen( key_file, "r" );
TEST_ASSERT( f != NULL );
ilen = fread( check_buf, 1, sizeof( check_buf ), f );
fclose( f );
TEST_ASSERT( ilen == strlen( (char *) buf ) );
TEST_ASSERT( ilen == pem_len );
TEST_ASSERT( memcmp( (char *) buf, (char *) check_buf, ilen ) == 0 );
exit:
@ -49,7 +57,7 @@ void pk_write_key_check( char *key_file )
unsigned char check_buf[5000];
int ret;
FILE *f;
size_t ilen;
size_t ilen, pem_len, buf_index;
memset( buf, 0, sizeof( buf ) );
memset( check_buf, 0, sizeof( check_buf ) );
@ -60,12 +68,20 @@ void pk_write_key_check( char *key_file )
ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf ));
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
// check that the rest of the buffer remains clear
for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
{
TEST_ASSERT( buf[buf_index] == 0 );
}
f = fopen( key_file, "r" );
TEST_ASSERT( f != NULL );
ilen = fread( check_buf, 1, sizeof( check_buf ), f );
fclose( f );
TEST_ASSERT( ilen == strlen( (char *) buf ) );
TEST_ASSERT( ilen == pem_len );
TEST_ASSERT( memcmp( (char *) buf, (char *) check_buf, ilen ) == 0 );
exit:

View file

@ -44,7 +44,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
unsigned char buf[4096];
unsigned char check_buf[4000];
int ret;
size_t olen = 0, pem_len = 0;
size_t olen = 0, pem_len = 0, buf_index;
int der_len = -1;
FILE *f;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
@ -70,6 +70,11 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
pem_len = strlen( (char *) buf );
for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
{
TEST_ASSERT( buf[buf_index] == 0 );
}
f = fopen( cert_req_check_file, "r" );
TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof( check_buf ), f );
@ -112,7 +117,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
unsigned char check_buf[5000];
mbedtls_mpi serial;
int ret;
size_t olen = 0, pem_len = 0;
size_t olen = 0, pem_len = 0, buf_index;
int der_len = -1;
FILE *f;
rnd_pseudo_info rnd_info;
@ -181,6 +186,11 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
pem_len = strlen( (char *) buf );
for( buf_index = pem_len; buf_index < sizeof( buf ); ++buf_index )
{
TEST_ASSERT( buf[buf_index] == 0 );
}
f = fopen( cert_check_file, "r" );
TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof( check_buf ), f );