From a3dc07db749aa6da5631ce98f82a08b90e4f2beb Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Wed, 17 Jun 2026 17:03:49 +0800 Subject: [PATCH] Fix bugs --- CMakeLists.txt | 2 +- include/gmssl/version.h | 2 +- tools/kyberdecap.c | 2 +- tools/sdfdecrypt.c | 4 ++++ tools/sdfdigest.c | 6 +++++- tools/sdfencrypt.c | 4 ++++ tools/sdfsign.c | 4 ++++ tools/sdfutil.c | 4 ++++ tools/skfutil.c | 4 ++++ tools/sm2sign.c | 4 ++++ tools/sm2verify.c | 4 ++++ tools/sm3.c | 4 ++++ tools/sm3hmac.c | 4 ++++ tools/sm4_cbc.c | 4 ++++ tools/sm4_cbc_mac.c | 4 ++++ tools/sm4_cbc_sm3_hmac.c | 4 ++++ tools/sm4_cfb.c | 4 ++++ tools/sm4_ctr.c | 4 ++++ tools/sm4_ctr_sm3_hmac.c | 4 ++++ tools/sm4_ecb.c | 4 ++++ tools/sm4_gcm.c | 4 ++++ tools/sm4_ofb.c | 4 ++++ tools/sm4_xts.c | 4 ++++ tools/sm9sign.c | 4 ++++ tools/sm9verify.c | 4 ++++ tools/tlcp_server.c | 15 +++++++++++++++ 26 files changed, 107 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7f467b3f..d9c39e4b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -819,7 +819,7 @@ endif() # set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_VENDOR "GmSSL develop team") -set(CPACK_PACKAGE_VERSION "3.2.0-dev.1085") +set(CPACK_PACKAGE_VERSION "3.2.0-dev.1086") set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_NSIS_MODIFY_PATH ON) include(CPack) diff --git a/include/gmssl/version.h b/include/gmssl/version.h index ff64dded..64cd5a3f 100644 --- a/include/gmssl/version.h +++ b/include/gmssl/version.h @@ -18,7 +18,7 @@ extern "C" { #define GMSSL_VERSION_NUM 30200 -#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1085" +#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1086" int gmssl_version_num(void); const char *gmssl_version_str(void); diff --git a/tools/kyberdecap.c b/tools/kyberdecap.c index 65ced2fc..21caef65 100644 --- a/tools/kyberdecap.c +++ b/tools/kyberdecap.c 
@@ -38,7 +38,7 @@ int kyberdecap_main(int argc, char **argv) FILE *keyfp = NULL; FILE *infp = stdin; FILE *outfp = stdout; - uint8_t keybuf[KYBER_PRIVATE_KEY_SIZE]; + uint8_t keybuf[KYBER_PRIVATE_KEY_SIZE] = {0}; size_t keylen = KYBER_PRIVATE_KEY_SIZE; const uint8_t *cp = keybuf; uint8_t *p = keybuf; diff --git a/tools/sdfdecrypt.c b/tools/sdfdecrypt.c index 93007a4c..7b1a1b93 100755 --- a/tools/sdfdecrypt.c +++ b/tools/sdfdecrypt.c @@ -199,6 +199,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (sdf_cbc_decrypt_finish(&ctx, buf, &outlen) != 1) { error_print(); goto end; diff --git a/tools/sdfdigest.c b/tools/sdfdigest.c index 2933a8b7..adbb5d79 100644 --- a/tools/sdfdigest.c +++ b/tools/sdfdigest.c @@ -152,7 +152,7 @@ int sdfdigest_main(int argc, char **argv) if (--argc < 1) goto bad; infile = *(++argv); if (!(infp = fopen(infile, "rb"))) { - fprintf(stderr, "gmssl%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); + fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno)); goto end; } } else if (!strcmp(*argv, "-out")) { @@ -236,6 +236,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } memset(buf, 0, sizeof(buf)); } if (sdf_digest_finish(&ctx, dgst) != 1) { diff --git a/tools/sdfencrypt.c b/tools/sdfencrypt.c index 114ad1e7..e92a4c7f 100755 --- a/tools/sdfencrypt.c +++ b/tools/sdfencrypt.c @@ -207,6 +207,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (sdf_cbc_encrypt_finish(&ctx, buf, &outlen) != 1) { error_print(); goto end; diff --git a/tools/sdfsign.c b/tools/sdfsign.c index e1434b76..45d12701 100644 --- a/tools/sdfsign.c +++ b/tools/sdfsign.c 
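Review bot: In tools/kyberdecap.c, zero-initialising `keybuf` makes a short key read deterministic but does not detect it. `keylen` stays fixed at `KYBER_PRIVATE_KEY_SIZE`, so if the read of the key file (outside this hunk) returns fewer bytes, the decoder would presumably parse a private key whose tail is zeros. I would compare the read length with the expected size, along the lines of `if (fread(keybuf, 1, keylen, keyfp) != keylen) goto end;`. Because the buffer holds private-key material, it is also worth confirming that the `end:` path wipes it with `gmssl_secure_clear(keybuf, sizeof(keybuf));`. `kyberdecap_main` continues beyond the hunk, so either check may already exist there.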
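Review bot: In tools/sdfdecrypt.c the new message `"%s: read failure\n"` drops the `gmssl ` prefix that the tools' other diagnostics carry. The sdfsign.c hunk shows `"gmssl %s: inner error\n"`, and the first sdfdigest.c hunk of this same patch repairs `"gmssl%s:"` to `"gmssl %s:"`. I would write `fprintf(stderr, "gmssl %s: read failure\n", prog);` here and in every other `ferror(infp)` block the patch adds (the tools/ hunks from sdfdigest.c through sm9verify.c), so that log filters keyed on the prefix also see read errors. The enclosing function starts and ends outside the hunk.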
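Review bot: In the second tools/sdfdigest.c hunk the `ferror(infp)` branch sits in front of `memset(buf, 0, sizeof(buf));`, so a read failure jumps to `end` without scrubbing the input buffer that the normal path clears. Unless the `end:` label (outside the hunk) wipes `buf` itself, put the clear first: `memset(buf, 0, sizeof(buf));` and only then `if (ferror(infp)) { ... goto end; }`. The stream's error indicator is unaffected by the reorder. The same ordering appears in the tools/sm3.c, tools/sm3hmac.c and tools/sm4_cbc_mac.c hunks, where the buffer feeds a digest or keyed MAC.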
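Review bot: In tools/sdfencrypt.c a read failure now stops before `sdf_cbc_encrypt_finish`, but whatever the loop above has presumably already written to the output stays behind as a truncated ciphertext with no final block. Nothing in the hunk marks or removes that partial output, so a caller that ignores the exit status may keep it. I would at least add `/* output written so far is incomplete; the caller must discard it */` at the branch, or delete the output file at `end:` when it is not stdout. The same applies to the sdfdecrypt.c hunk and to the sm4_cbc, sm4_cbc_sm3_hmac, sm4_cfb, sm4_ctr, sm4_ctr_sm3_hmac, sm4_ecb, sm4_gcm, sm4_ofb and sm4_xts hunks. When decrypting, the leftover is plaintext that has not passed the final padding or tag check.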
@@ -153,6 +153,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (sdf_sign_finish(&ctx, sig, &siglen) != 1) { (void)sdf_close_device(&dev); fprintf(stderr, "gmssl %s: inner error\n", prog); diff --git a/tools/sdfutil.c b/tools/sdfutil.c index bed21b23..19fb5130 100644 --- a/tools/sdfutil.c +++ b/tools/sdfutil.c @@ -174,6 +174,10 @@ bad: while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) { sm3_update(&sm3_ctx, buf, len); } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } sm3_finish(&sm3_ctx, dgst); if ((ret = sdf_sign(&key, dgst, sig, &siglen)) != 1) { diff --git a/tools/skfutil.c b/tools/skfutil.c index 5e8105f6..762d1dcc 100644 --- a/tools/skfutil.c +++ b/tools/skfutil.c @@ -231,6 +231,10 @@ bad: while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) { sm3_update(&sm3_ctx, buf, len); } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } sm3_finish(&sm3_ctx, dgst); if ((ret = skf_sign(&key, dgst, sig, &siglen)) != 1) { diff --git a/tools/sm2sign.c b/tools/sm2sign.c index ee95109f..89d058f0 100644 --- a/tools/sm2sign.c +++ b/tools/sm2sign.c @@ -131,6 +131,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (sm2_sign_finish(&sign_ctx, sig, &siglen) != 1) { fprintf(stderr, "gmssl %s: inner error\n", prog); goto end; diff --git a/tools/sm2verify.c b/tools/sm2verify.c index c5752358..9fbaf65b 100644 --- a/tools/sm2verify.c +++ b/tools/sm2verify.c @@ -167,6 +167,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if ((vr = sm2_verify_finish(&verify_ctx, sig, siglen)) < 0) { fprintf(stderr, "gmssl %s: inner error\n", prog); goto end; diff --git a/tools/sm3.c b/tools/sm3.c index a3b2677f..9ee6bd9c 100644 --- a/tools/sm3.c +++ b/tools/sm3.c 
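Review bot: In tools/sdfsign.c the added read-failure branch jumps straight to `end`, while the very next error branch in the same hunk calls `(void)sdf_close_device(&dev);` before its `goto end`. If the `end:` cleanup (outside the hunk) does not close the device, the new path leaves the SDF device handle open. I would mirror the neighbouring branch by adding `(void)sdf_close_device(&dev);` ahead of the `goto end`, or move the close into the common cleanup so both paths share it.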
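Review bot: In tools/sm2verify.c a read failure must not be mistakable for a verification verdict, yet the new branch only does `goto end`, so the exit status depends on whatever `ret` holds at that point, which is set outside the hunk. Please confirm `ret` still carries its failure value there, and consider stating it at the branch with `/* ret is still the failure value: a read error must never report success */`. tools/sm9verify.c deserves the same check, since its hunk shows `ret` being reused for call results in `(ret = sm9_verify_finish(...)) != 1`.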
@@ -214,6 +214,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } memset(buf, 0, sizeof(buf)); } if (sm3_digest_finish(&sm3_ctx, dgst) != 1) { diff --git a/tools/sm3hmac.c b/tools/sm3hmac.c index bcf431aa..e2b92a42 100644 --- a/tools/sm3hmac.c +++ b/tools/sm3hmac.c @@ -161,6 +161,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } memset(buf, 0, sizeof(buf)); } if (sm3_digest_finish(&ctx, mac) != 1) { diff --git a/tools/sm4_cbc.c b/tools/sm4_cbc.c index a4d6c73c..1efe6401 100755 --- a/tools/sm4_cbc.c +++ b/tools/sm4_cbc.c @@ -178,6 +178,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (enc) { if (sm4_cbc_encrypt_finish(&ctx, buf, &outlen) != 1) { diff --git a/tools/sm4_cbc_mac.c b/tools/sm4_cbc_mac.c index 005f0551..58a183bb 100644 --- a/tools/sm4_cbc_mac.c +++ b/tools/sm4_cbc_mac.c @@ -161,6 +161,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } memset(buf, 0, sizeof(buf)); } if (sm4_cbc_mac_finish(&ctx, mac) != 1) { diff --git a/tools/sm4_cbc_sm3_hmac.c b/tools/sm4_cbc_sm3_hmac.c index 47df8811..f871a665 100755 --- a/tools/sm4_cbc_sm3_hmac.c +++ b/tools/sm4_cbc_sm3_hmac.c @@ -205,6 +205,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (enc) { if (sm4_cbc_sm3_hmac_encrypt_finish(&ctx, buf, &outlen) != 1) { diff --git a/tools/sm4_cfb.c b/tools/sm4_cfb.c index b1077ec3..a4cdbcc9 100755 --- a/tools/sm4_cfb.c +++ b/tools/sm4_cfb.c @@ -194,6 +194,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (enc) { if (sm4_cfb_encrypt_finish(&ctx, buf, &outlen) != 1) { diff --git a/tools/sm4_ctr.c b/tools/sm4_ctr.c index 2841e114..80157a77 100755 --- a/tools/sm4_ctr.c +++ b/tools/sm4_ctr.c 
@@ -149,6 +149,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (sm4_ctr_encrypt_finish(&ctx, buf, &outlen) != 1) { error_print(); diff --git a/tools/sm4_ctr_sm3_hmac.c b/tools/sm4_ctr_sm3_hmac.c index 9db3b13e..cbb236bc 100755 --- a/tools/sm4_ctr_sm3_hmac.c +++ b/tools/sm4_ctr_sm3_hmac.c @@ -205,6 +205,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (enc) { if (sm4_ctr_sm3_hmac_encrypt_finish(&ctx, buf, &outlen) != 1) { diff --git a/tools/sm4_ecb.c b/tools/sm4_ecb.c index 4f556c39..b3e25696 100755 --- a/tools/sm4_ecb.c +++ b/tools/sm4_ecb.c @@ -158,6 +158,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (enc) { if (sm4_ecb_encrypt_finish(&ctx, buf, &outlen) != 1) { diff --git a/tools/sm4_gcm.c b/tools/sm4_gcm.c index 94ac7f06..33f359af 100755 --- a/tools/sm4_gcm.c +++ b/tools/sm4_gcm.c @@ -214,6 +214,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (enc) { if (sm4_gcm_encrypt_finish(&ctx, buf, &outlen) != 1) { diff --git a/tools/sm4_ofb.c b/tools/sm4_ofb.c index 65a1dc83..0d920134 100755 --- a/tools/sm4_ofb.c +++ b/tools/sm4_ofb.c @@ -149,6 +149,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (sm4_ofb_encrypt_finish(&ctx, buf, &outlen) != 1) { error_print(); diff --git a/tools/sm4_xts.c b/tools/sm4_xts.c index f5907bc5..94bedc8e 100755 --- a/tools/sm4_xts.c +++ b/tools/sm4_xts.c @@ -191,6 +191,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (enc) { if (sm4_xts_encrypt_finish(&ctx, buf, &outlen) != 1) { diff --git a/tools/sm9sign.c b/tools/sm9sign.c index 0aa026be..9a971b47 100644 --- a/tools/sm9sign.c +++ b/tools/sm9sign.c 
@@ -120,6 +120,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if (sm9_sign_finish(&ctx, &key, sig, &siglen) != 1) { error_print(); goto end; diff --git a/tools/sm9verify.c b/tools/sm9verify.c index da36e7c0..73d880b5 100644 --- a/tools/sm9verify.c +++ b/tools/sm9verify.c @@ -124,6 +124,10 @@ bad: goto end; } } + if (ferror(infp)) { + fprintf(stderr, "%s: read failure\n", prog); + goto end; + } if ((ret = sm9_verify_finish(&ctx, sig, siglen, &mpk, id, strlen(id))) != 1) { error_print(); goto end; diff --git a/tools/tlcp_server.c b/tools/tlcp_server.c index d1f9e1fc..295b6130 100644 --- a/tools/tlcp_server.c +++ b/tools/tlcp_server.c @@ -7,6 +7,21 @@ * http://www.apache.org/licenses/LICENSE-2.0 */ +/* + * FIXME: 本文件中多处使用 atoi() 解析命令行参数(如 -port),存在安全隐患: + * + * 1. 错误不可检测:atoi("abc") 和 atoi("0") 均返回 0,无法区分有效值 0 和解析错误。 + * 2. 溢出是未定义行为:atoi 遇到超出 INT_MAX 的输入时行为未定义,编译器可能产生不可预测的结果。 + * 3. 负数可绕过边界检查:atoi("-1") 返回 -1,可能绕过只检查下界的验证逻辑。 + * + * 应在后续版本中将 atoi 替换为 strtol(),配合 errno 和 endptr 做完整的错误检查: + * errno = 0; + * long val = strtol(arg, &endptr, 10); + * if (errno || *endptr || val < 0 || val > INT_MAX) { error; } + * port = (int)val; + * + * 同样的 atoi 问题也存在于其他 tlcp_*.c、tls12_*.c、tls13_*.c 以及 sm4*.c 等工具文件中。 + */ #include #include
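Review bot: The `strtol` sketch inside the new FIXME comment in tools/tlcp_server.c would still accept an empty argument. For `""`, `strtol` returns 0 with `endptr == arg` and `*endptr == '\0'`, so the test `errno || *endptr || val < 0 || val > INT_MAX` lets it through as port 0. Since the comment names `-port` as the example, the bound should also be the port range rather than `INT_MAX`; I would write the condition as `if (errno || endptr == arg || *endptr || val < 1 || val > 65535) { error; }`. The comment is in Chinese while the licence header line visible above it is English, so an English version would keep the file consistent.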