From cdd43c96109d1c348e0cfba872f803c922399731 Mon Sep 17 00:00:00 2001
From: Zhi Guan
Date: Wed, 17 Jun 2026 00:00:24 +0800
Subject: [PATCH] Add certs length check
---
 CMakeLists.txt | 2 +-
 include/gmssl/version.h | 2 +-
 src/tls.c | 7 ++++++-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8308dab8..c6f8dc66 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -818,7 +818,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1066")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1067")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index d8b08d40..56dc3965 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 #define GMSSL_VERSION_NUM 30200
-#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1066"
+#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1067"
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/tls.c b/src/tls.c
index 401ecf65..f247a875 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1717,7 +1717,8 @@ int tls_record_set_handshake_certificate(uint8_t *record, size_t *recordlen,
 return 1;
 }
-// FIXME: 这个函数没有提供缓冲区的长度限制
+// FIXME: 这个函数语义应该修改,只返回 uint24array[] 的证书数组,然后整个库内部都用这个结构来存储证书链、证书数组
+// 目前直接用DER格式拼接到一起的设计不好。这个函数容易发生溢出
 int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs, size_t *certslen)
 {
 int type;
@@ -1738,6 +1739,10 @@ int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs,
 error_print();
 return -1;
 }
+ if (datalen > TLS_MAX_CERTIFICATES_SIZE) {
+ error_print();
+ return -1;
+ }
 *certslen = 0;
 while (len) {
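Review bot: The new bound in the second src/tls.c hunk is applied to `datalen`, but the copy loop that follows is driven by `len` (`while (len) {`), so the hunk alone does not show that the check limits what is written to `certs`. The statement that derives `len` from `data`/`datalen` lies above the hunk; if `len` holds the certificate-list length at this point, the test should read `if (len > TLS_MAX_CERTIFICATES_SIZE) {`. Because `certs` still has no capacity parameter, the check only protects callers whose buffer is at least `TLS_MAX_CERTIFICATES_SIZE` bytes, which deserves a comment on the function such as `// certs must hold at least TLS_MAX_CERTIFICATES_SIZE bytes`. The function body starts and ends outside the hunk.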