Bug fix

CMakeLists.txt

@@ -819,7 +819,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1084")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1085")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)

include/gmssl/version.h

@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1084"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1085"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);

tools/certverify.c

@@ -51,9 +51,9 @@ int certverify_main(int argc, char **argv)
 	char *cacertfile = NULL;
 	FILE *infp = stdin;
 	FILE *cacertfp = NULL;
-	uint8_t cert[1024];
+	uint8_t cert[8192];
 	size_t certlen;
-	uint8_t cacert[1024];
+	uint8_t cacert[8192];
 	size_t cacertlen;
 	char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
 	size_t signer_id_len = 0;
@@ -73,7 +73,7 @@ int certverify_main(int argc, char **argv)
 	size_t enc_subject_len;
 
 	int double_certs = 0;
-	uint8_t enc_cert[1024];
+	uint8_t enc_cert[8192];
 	size_t enc_cert_len;
 	int rv;
 

tools/cmsencrypt.c

@@ -103,6 +103,9 @@ int cmsencrypt_main(int argc, char **argv)
 	}
 	cert = rcpt_certs;
 
+	// FIXME: TOCTOU between file_size measurement and fread. If the file shrinks
+	// after measurement, the buffer is oversized but only actual bytes read are
+	// encrypted (inlen is updated by fread). If the file grows, data is truncated.
 	if (get_files_size(argc, argv, "-in", &inlen) != 1) {
 		goto end;
 	}

tools/ocspsign.c

@@ -452,6 +452,9 @@ bad:
 		fprintf(stderr, "%s: generate OCSPResponse failure\n", prog);
 		goto end;
 	}
+	// FIXME: resplen = 0 resets buffer capacity before second ocsp_sign call.
+	// If ocsp_sign() uses *outlen as input buffer capacity, passing 0 may
+	// allow buffer overflow. Proposed fix: resplen = sizeof(resp);
 	resplen = 0;
 	if (ocsp_sign(&ocsp_ctx, cert_status, revocation_time, this_update,
 		signer_cert, signer_cert_len, &sign_key,

tools/tlcp_server.c

@@ -331,17 +331,22 @@ restart:
 	if (tls_init(&conn, &ctx) != 1
 		|| tls_set_socket(&conn, conn_sock) != 1) {
 		error_print();
-		return -1;
+		tls_socket_close(conn_sock);
+		goto restart;
 	}
 
 	if (tls_socket_set_nonblocking(conn_sock, 1) != 1) {
 		error_print();
-		return -1;
+		tls_cleanup(&conn);
+		tls_socket_close(conn_sock);
+		goto restart;
 	}
 
 	if (do_handshake_select(&conn) != 1) {
 		error_print();
-		return -1;
+		tls_cleanup(&conn);
+		tls_socket_close(conn_sock);
+		goto restart;
 	}
 
 	for (;;) {