Zhi Guan
2026-06-17 16:55:36 +08:00
parent b0e5c4aa1b
commit cad645da20
6 changed files with 19 additions and 8 deletions


@@ -819,7 +819,7 @@ endif()
#
set(CPACK_PACKAGE_NAME "GmSSL")
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1084")
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1085")
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
set(CPACK_NSIS_MODIFY_PATH ON)
include(CPack)


@@ -18,7 +18,7 @@ extern "C" {
#define GMSSL_VERSION_NUM 30200
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1084"
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1085"
int gmssl_version_num(void);
const char *gmssl_version_str(void);


@@ -51,9 +51,9 @@ int certverify_main(int argc, char **argv)
char *cacertfile = NULL;
FILE *infp = stdin;
FILE *cacertfp = NULL;
uint8_t cert[1024];
uint8_t cert[8192];
size_t certlen;
uint8_t cacert[1024];
uint8_t cacert[8192];
size_t cacertlen;
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
size_t signer_id_len = 0;
@@ -73,7 +73,7 @@ int certverify_main(int argc, char **argv)
size_t enc_subject_len;
int double_certs = 0;
uint8_t enc_cert[1024];
uint8_t enc_cert[8192];
size_t enc_cert_len;
int rv;
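Review bot: The new size 8192 is written as a bare literal in three declarations (`cert` and `cacert` in the first hunk, `enc_cert` in the second), so a later change has to touch all three and a missed one leaves mismatched limits. A single named constant, for example `enum { CERT_BUF_SIZE = 8192 };` with `uint8_t cert[CERT_BUF_SIZE];`, would keep them in step. The code that fills these buffers is outside both hunks; since the input comes from stdin or a user-supplied file, it should bound each read with `sizeof(cert)` rather than a literal and reject a certificate that does not fit with a clear error. The three arrays now take 24 KiB of stack in one frame, which matters on small-stack targets.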


@@ -103,6 +103,9 @@ int cmsencrypt_main(int argc, char **argv)
}
cert = rcpt_certs;
// FIXME: TOCTOU between file_size measurement and fread. If the file shrinks
// after measurement, the buffer is oversized but only actual bytes read are
// encrypted (inlen is updated by fread). If the file grows, data is truncated.
if (get_files_size(argc, argv, "-in", &inlen) != 1) {
goto end;
}
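Review bot: The FIXME added above `get_files_size()` records that a file growing between the size measurement and the read is truncated, but the commit leaves that case silent, so the tool would produce a valid-looking ciphertext covering only part of the input. The read code is outside this hunk, so this is inferred from the comment alone; if it holds, the read path should fail when bytes remain after `inlen` have been consumed, rather than truncate. The comment also says `file_size` where the call is `get_files_size`; I would open it with `// FIXME: TOCTOU between get_files_size() and the later fread().` and state the intended behaviour (error out on a size mismatch) so the note is actionable.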


@@ -452,6 +452,9 @@ bad:
fprintf(stderr, "%s: generate OCSPResponse failure\n", prog);
goto end;
}
// FIXME: resplen = 0 resets buffer capacity before second ocsp_sign call.
// If ocsp_sign() uses *outlen as input buffer capacity, passing 0 may
// allow buffer overflow. Proposed fix: resplen = sizeof(resp);
resplen = 0;
if (ocsp_sign(&ocsp_ctx, cert_status, revocation_time, this_update,
signer_cert, signer_cert_len, &sign_key,
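Review bot: The comment flags `resplen = 0;` as a possible overflow before the second `ocsp_sign()` call, yet the assignment is left unchanged and the proposed `resplen = sizeof(resp);` has not been checked against the contract of `ocsp_sign()`, which is not visible here. If `*outlen` is an in/out capacity, the fix belongs in this commit and any earlier call should be checked for the same pattern. If it is an output-only or accumulated length, storing `sizeof(resp)` in it would yield a wrong response length, and the FIXME should be replaced by a one-line comment such as `// reset: ocsp_sign() accumulates into *outlen`. In either case the capacity of `resp` should reach the callee explicitly so the bound is enforced inside `ocsp_sign()`. The call statement continues past the end of the hunk.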


@@ -331,17 +331,22 @@ restart:
if (tls_init(&conn, &ctx) != 1
|| tls_set_socket(&conn, conn_sock) != 1) {
error_print();
return -1;
tls_socket_close(conn_sock);
goto restart;
}
if (tls_socket_set_nonblocking(conn_sock, 1) != 1) {
error_print();
return -1;
tls_cleanup(&conn);
tls_socket_close(conn_sock);
goto restart;
}
if (do_handshake_select(&conn) != 1) {
error_print();
return -1;
tls_cleanup(&conn);
tls_socket_close(conn_sock);
goto restart;
}
for (;;) {
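Review bot: The first error branch (`tls_init` / `tls_set_socket`) closes the socket and jumps to `restart` without calling `tls_cleanup(&conn)`, while the two branches below it do call it. Because of the `||`, that branch is also taken when `tls_init` succeeded and only `tls_set_socket` failed, so anything `tls_init` acquired would leak once per failed connection, a slow resource drain in a long-running server. If `tls_cleanup` is safe on a partly initialised `conn` (not visible here), add `tls_cleanup(&conn);` before `tls_socket_close(conn_sock);` in that branch; otherwise split the condition into two checks. The `restart:` label and the rest of the loop are outside the hunk, so it is also worth confirming that a persistent `tls_init` failure cannot make the loop spin.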