abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-19 19:33:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check before memcpy

Browse Source
This commit is contained in:
Zhi Guan
2026-06-17 00:30:16 +08:00
parent b4906f1220
commit 8682cecb8f
4 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -818,7 +818,7 @@ endif()
# #
set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_NAME "GmSSL")
set(CPACK_PACKAGE_VENDOR "GmSSL develop team") set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1068") set(CPACK_PACKAGE_VERSION "3.2.0-dev.1069")
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
set(CPACK_NSIS_MODIFY_PATH ON) set(CPACK_NSIS_MODIFY_PATH ON)
include(CPack) include(CPack)

2
include/gmssl/version.h
View File

@@ -18,7 +18,7 @@ extern "C" {
#define GMSSL_VERSION_NUM 30200 #define GMSSL_VERSION_NUM 30200
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1068" #define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1069"
int gmssl_version_num(void); int gmssl_version_num(void);
const char *gmssl_version_str(void); const char *gmssl_version_str(void);

2
src/tls.c
View File

@@ -1739,7 +1739,7 @@ int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs,
error_print(); error_print();
return -1; return -1;
} }
if (datalen > TLS_MAX_CERTIFICATES_SIZE) { if (len > TLS_MAX_CERTIFICATES_SIZE) {
error_print(); error_print();
return -1; return -1;
} }

15
src/tls12.c
View File

@@ -2141,10 +2141,14 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_handshake_failure); tls_send_alert(conn, TLS_alert_handshake_failure);
return -1; return -1;
} }
memcpy(common_supported_groups, conn->ctx->supported_groups, // TODO: unify secure memcpy
conn->ctx->supported_groups_cnt * sizeof(conn->ctx->supported_groups[0])); common_supported_groups_cnt = sizeof(common_supported_groups)/sizeof(common_supported_groups[0]);
if (conn->ctx->supported_groups_cnt < common_supported_groups_cnt) {
common_supported_groups_cnt = conn->ctx->supported_groups_cnt; common_supported_groups_cnt = conn->ctx->supported_groups_cnt;
} }
memcpy(common_supported_groups, conn->ctx->supported_groups,
common_supported_groups_cnt * sizeof(conn->ctx->supported_groups[0]));
}
if (signature_algorithms) { if (signature_algorithms) {
if ((ret = tls_process_signature_algorithms(signature_algorithms, signature_algorithms_len, if ((ret = tls_process_signature_algorithms(signature_algorithms, signature_algorithms_len,
@@ -2165,9 +2169,12 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_handshake_failure); tls_send_alert(conn, TLS_alert_handshake_failure);
return -1; return -1;
} }
memcpy(common_signature_algorithms, conn->ctx->signature_algorithms, // TODO: unify secure memcpy
conn->ctx->signature_algorithms_cnt * sizeof(conn->ctx->signature_algorithms[0])); common_signature_algorithms_cnt = sizeof(common_signature_algorithms)/sizeof(common_signature_algorithms[0]);
if (conn->ctx->signature_algorithms_cnt < common_signature_algorithms_cnt)
common_signature_algorithms_cnt = conn->ctx->signature_algorithms_cnt; common_signature_algorithms_cnt = conn->ctx->signature_algorithms_cnt;
memcpy(common_signature_algorithms, conn->ctx->signature_algorithms,
common_signature_algorithms_cnt * sizeof(conn->ctx->signature_algorithms[0]));
} }
if (signature_algorithms_cert) { if (signature_algorithms_cert) {