Skip to content

Defensive code additions for sanity checks on input arguments with Base64, PEM write, mp_read_unsigned_bin#10721

Open
JacobBarthelmeh wants to merge 5 commits into
wolfSSL:masterfrom
JacobBarthelmeh:dev_2
Open

Defensive code additions for sanity checks on input arguments with Base64, PEM write, mp_read_unsigned_bin#10721
JacobBarthelmeh wants to merge 5 commits into
wolfSSL:masterfrom
JacobBarthelmeh:dev_2

Conversation

@JacobBarthelmeh

Copy link
Copy Markdown
Contributor

ZD21992

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Hardens several low-level routines against integer wrap/overflow by tightening bounds checks when parsing lengths, encoding Base64/PEM, and reading big integers.

Changes:

  • Added size/argument validation to prevent overflow in Base64 encoding and PEM size calculations.
  • Strengthened ASN.1 buffer bounds checks to avoid word32 wrap.
  • Added defensive checks in mp_read_unsigned_bin to reject problematic input sizes.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
wolfcrypt/src/integer.c Adds input length validation intended to prevent overflow in bit/digit calculations.
wolfcrypt/src/coding.c Adds a guard intended to prevent Base64 encoded-size calculation from wrapping.
wolfcrypt/src/asn.c Reworks index/length comparisons to avoid word32 addition overflow.
src/pk.c Adds a guard against overflow in PEM buffer size calculations and rejects negative lengths.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread wolfcrypt/src/integer.c Outdated
Comment thread wolfcrypt/src/coding.c
Comment thread src/pk.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10721

Scan targets checked: wolfcrypt-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread wolfcrypt/src/integer.c Outdated
@JacobBarthelmeh JacobBarthelmeh changed the title Hardening defensive code additions for sanity checks on input arguments with Base64, PEM write, mp_read_unsigned_bin Defensive code additions for sanity checks on input arguments with Base64, PEM write, mp_read_unsigned_bin Jun 17, 2026
@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

MemBrowse Memory Report

gcc-arm-cortex-m0plus

  • FLASH: .text +56 B (+0.1%, 64,163 B / 262,144 B, total: 24% used)

gcc-arm-cortex-m3

  • FLASH: .text +236 B (+0.2%, 122,457 B / 262,144 B, total: 47% used)

gcc-arm-cortex-m4

  • FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +320 B (+0.2%, 200,284 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m4-crypto-only

  • FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +64 B (+0.1%, 174,440 B / 262,144 B, total: 67% used)

gcc-arm-cortex-m4-dtls13

  • FLASH: .text +192 B (+0.1%, 180,824 B / 1,048,576 B, total: 17% used)

gcc-arm-cortex-m4-min-ecc

  • FLASH: .text +64 B (+0.1%, 61,741 B / 262,144 B, total: 24% used)

gcc-arm-cortex-m4-openssl-compat

  • FLASH: .rodata +56 B, .text +1,024 B (+0.1%, 770,828 B / 1,048,576 B, total: 74% used)

gcc-arm-cortex-m4-pkcs7

  • FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +256 B (+0.1%, 212,524 B / 262,144 B, total: 81% used)

gcc-arm-cortex-m4-pq

  • FLASH: .rodata +60 B, .text +128 B (+0.1%, 279,236 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m4-rsa-only

  • FLASH: .rodata +56 B, .text +192 B (+0.1%, 324,896 B / 1,048,576 B, total: 31% used)

gcc-arm-cortex-m4-sp-math

  • FLASH: .text +64 B (+0.1%, 61,741 B / 262,144 B, total: 24% used)

gcc-arm-cortex-m4-tls12

  • FLASH: .text +256 B (+0.2%, 123,213 B / 262,144 B, total: 47% used)

gcc-arm-cortex-m4-tls13

  • FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +128 B (+0.1%, 235,918 B / 262,144 B, total: 90% used)

gcc-arm-cortex-m7

  • FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +256 B (+0.2%, 200,220 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m7-pq

  • FLASH: .rodata +60 B, .text +128 B (+0.1%, 279,812 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m7-tls13

  • FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +128 B (+0.1%, 235,982 B / 262,144 B, total: 90% used)

linuxkm-pie

  • Data: __patchable_function_entries +192 B (+0.8%, 25,512 B)

linuxkm-standard

  • Data: __patchable_function_entries +216 B (+0.5%, 48,160 B)

stm32-sim-stm32h753

@JacobBarthelmeh

Copy link
Copy Markdown
Contributor Author

Retest this please Jenkins

@JacobBarthelmeh

Copy link
Copy Markdown
Contributor Author

Retest this please Jenkins. Apple M1 test failure unexpected disconnect while reading sideband packet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants