diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-21 21:04:43 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-21 22:22:30 +0300 |
commit | c593fa6b8280fec44766ff4986950643837bb8ac (patch) | |
tree | 00bfbffb5f2c2fd75aa8d735fcb3a73838dda85f /src/microhttpd/daemon.c | |
parent | 240604a333229d672f97682c4547cc67b5732bac (diff) | |
download | libmicrohttpd-c593fa6b8280fec44766ff4986950643837bb8ac.tar.gz libmicrohttpd-c593fa6b8280fec44766ff4986950643837bb8ac.zip |
Check TLS strings lengths
Diffstat (limited to 'src/microhttpd/daemon.c')
-rw-r--r-- | src/microhttpd/daemon.c | 53 |
1 files changed, 48 insertions, 5 deletions
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c index 57f59a57..b4ed655d 100644 --- a/src/microhttpd/daemon.c +++ b/src/microhttpd/daemon.c | |||
@@ -517,8 +517,18 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
517 | #endif | 517 | #endif |
518 | if (NULL != daemon->https_mem_trust) | 518 | if (NULL != daemon->https_mem_trust) |
519 | { | 519 | { |
520 | size_t paramlen; | ||
521 | paramlen = strlen (daemon->https_mem_trust); | ||
522 | if (UINT_MAX < paramlen) | ||
523 | { | ||
524 | #ifdef HAVE_MESSAGES | ||
525 | MHD_DLOG(daemon, | ||
526 | "Too long trust certificate\n"); | ||
527 | #endif | ||
528 | return -1; | ||
529 | } | ||
520 | cert.data = (unsigned char *) daemon->https_mem_trust; | 530 | cert.data = (unsigned char *) daemon->https_mem_trust; |
521 | cert.size = strlen (daemon->https_mem_trust); | 531 | cert.size = (unsigned int) paramlen; |
522 | if (gnutls_certificate_set_x509_trust_mem (daemon->x509_cred, | 532 | if (gnutls_certificate_set_x509_trust_mem (daemon->x509_cred, |
523 | &cert, | 533 | &cert, |
524 | GNUTLS_X509_FMT_PEM) < 0) | 534 | GNUTLS_X509_FMT_PEM) < 0) |
@@ -540,10 +550,24 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
540 | if ( (NULL != daemon->https_mem_cert) && | 550 | if ( (NULL != daemon->https_mem_cert) && |
541 | (NULL != daemon->https_mem_key) ) | 551 | (NULL != daemon->https_mem_key) ) |
542 | { | 552 | { |
553 | size_t param1len; | ||
554 | size_t param2len; | ||
555 | |||
556 | param1len = strlen (daemon->https_mem_key); | ||
557 | param2len = strlen (daemon->https_mem_cert); | ||
558 | if ( (UINT_MAX < param1len) || | ||
559 | (UINT_MAX < param2len) ) | ||
560 | { | ||
561 | #ifdef HAVE_MESSAGES | ||
562 | MHD_DLOG(daemon, | ||
563 | "Too long key or certificate\n"); | ||
564 | #endif | ||
565 | return -1; | ||
566 | } | ||
543 | key.data = (unsigned char *) daemon->https_mem_key; | 567 | key.data = (unsigned char *) daemon->https_mem_key; |
544 | key.size = strlen (daemon->https_mem_key); | 568 | key.size = (unsigned int)param1len; |
545 | cert.data = (unsigned char *) daemon->https_mem_cert; | 569 | cert.data = (unsigned char *) daemon->https_mem_cert; |
546 | cert.size = strlen (daemon->https_mem_cert); | 570 | cert.size = (unsigned int)param2len; |
547 | 571 | ||
548 | if (NULL != daemon->https_key_password) { | 572 | if (NULL != daemon->https_key_password) { |
549 | #if GNUTLS_VERSION_NUMBER >= 0x030111 | 573 | #if GNUTLS_VERSION_NUMBER >= 0x030111 |
@@ -2224,7 +2248,16 @@ psk_gnutls_adapter (gnutls_session_t session, | |||
2224 | free (app_psk); | 2248 | free (app_psk); |
2225 | return -1; | 2249 | return -1; |
2226 | } | 2250 | } |
2227 | key->size = app_psk_size; | 2251 | if (UINT_MAX < app_psk_size) |
2252 | { | ||
2253 | #ifdef HAVE_MESSAGES | ||
2254 | MHD_DLOG (daemon, | ||
2255 | _("PSK authentication failed: PSK too long\n")); | ||
2256 | #endif | ||
2257 | free (app_psk); | ||
2258 | return -1; | ||
2259 | } | ||
2260 | key->size = (unsigned int)app_psk_size; | ||
2228 | memcpy (key->data, | 2261 | memcpy (key->data, |
2229 | app_psk, | 2262 | app_psk, |
2230 | app_psk_size); | 2263 | app_psk_size); |
@@ -5042,6 +5075,7 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
5042 | if (0 != (daemon->options & MHD_USE_TLS)) | 5075 | if (0 != (daemon->options & MHD_USE_TLS)) |
5043 | { | 5076 | { |
5044 | gnutls_datum_t dhpar; | 5077 | gnutls_datum_t dhpar; |
5078 | size_t pstr_len; | ||
5045 | 5079 | ||
5046 | if (gnutls_dh_params_init (&daemon->https_mem_dhparams) < 0) | 5080 | if (gnutls_dh_params_init (&daemon->https_mem_dhparams) < 0) |
5047 | { | 5081 | { |
@@ -5052,7 +5086,16 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
5052 | return MHD_NO; | 5086 | return MHD_NO; |
5053 | } | 5087 | } |
5054 | dhpar.data = (unsigned char *) pstr; | 5088 | dhpar.data = (unsigned char *) pstr; |
5055 | dhpar.size = strlen (pstr); | 5089 | pstr_len = strlen (pstr); |
5090 | if (UINT_MAX < pstr_len) | ||
5091 | { | ||
5092 | #ifdef HAVE_MESSAGES | ||
5093 | MHD_DLOG (daemon, | ||
5094 | _("Diffie-Hellman parameters string too long\n")); | ||
5095 | #endif | ||
5096 | return MHD_NO; | ||
5097 | } | ||
5098 | dhpar.size = (unsigned int) pstr_len; | ||
5056 | if (gnutls_dh_params_import_pkcs3 (daemon->https_mem_dhparams, | 5099 | if (gnutls_dh_params_import_pkcs3 (daemon->https_mem_dhparams, |
5057 | &dhpar, | 5100 | &dhpar, |
5058 | GNUTLS_X509_FMT_PEM) < 0) | 5101 | GNUTLS_X509_FMT_PEM) < 0) |