diff options
| author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-21 21:04:43 +0300 |
|---|---|---|
| committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-21 22:22:30 +0300 |
| commit | c593fa6b8280fec44766ff4986950643837bb8ac (patch) | |
| tree | 00bfbffb5f2c2fd75aa8d735fcb3a73838dda85f /src/microhttpd/daemon.c | |
| parent | 240604a333229d672f97682c4547cc67b5732bac (diff) | |
| download | libmicrohttpd-c593fa6b8280fec44766ff4986950643837bb8ac.tar.gz libmicrohttpd-c593fa6b8280fec44766ff4986950643837bb8ac.zip | |
Check TLS strings lengths
Diffstat (limited to 'src/microhttpd/daemon.c')
| -rw-r--r-- | src/microhttpd/daemon.c | 53 |
1 files changed, 48 insertions, 5 deletions
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c index 57f59a57..b4ed655d 100644 --- a/src/microhttpd/daemon.c +++ b/src/microhttpd/daemon.c | |||
| @@ -517,8 +517,18 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
| 517 | #endif | 517 | #endif |
| 518 | if (NULL != daemon->https_mem_trust) | 518 | if (NULL != daemon->https_mem_trust) |
| 519 | { | 519 | { |
| 520 | size_t paramlen; | ||
| 521 | paramlen = strlen (daemon->https_mem_trust); | ||
| 522 | if (UINT_MAX < paramlen) | ||
| 523 | { | ||
| 524 | #ifdef HAVE_MESSAGES | ||
| 525 | MHD_DLOG(daemon, | ||
| 526 | "Too long trust certificate\n"); | ||
| 527 | #endif | ||
| 528 | return -1; | ||
| 529 | } | ||
| 520 | cert.data = (unsigned char *) daemon->https_mem_trust; | 530 | cert.data = (unsigned char *) daemon->https_mem_trust; |
| 521 | cert.size = strlen (daemon->https_mem_trust); | 531 | cert.size = (unsigned int) paramlen; |
| 522 | if (gnutls_certificate_set_x509_trust_mem (daemon->x509_cred, | 532 | if (gnutls_certificate_set_x509_trust_mem (daemon->x509_cred, |
| 523 | &cert, | 533 | &cert, |
| 524 | GNUTLS_X509_FMT_PEM) < 0) | 534 | GNUTLS_X509_FMT_PEM) < 0) |
| @@ -540,10 +550,24 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
| 540 | if ( (NULL != daemon->https_mem_cert) && | 550 | if ( (NULL != daemon->https_mem_cert) && |
| 541 | (NULL != daemon->https_mem_key) ) | 551 | (NULL != daemon->https_mem_key) ) |
| 542 | { | 552 | { |
| 553 | size_t param1len; | ||
| 554 | size_t param2len; | ||
| 555 | |||
| 556 | param1len = strlen (daemon->https_mem_key); | ||
| 557 | param2len = strlen (daemon->https_mem_cert); | ||
| 558 | if ( (UINT_MAX < param1len) || | ||
| 559 | (UINT_MAX < param2len) ) | ||
| 560 | { | ||
| 561 | #ifdef HAVE_MESSAGES | ||
| 562 | MHD_DLOG(daemon, | ||
| 563 | "Too long key or certificate\n"); | ||
| 564 | #endif | ||
| 565 | return -1; | ||
| 566 | } | ||
| 543 | key.data = (unsigned char *) daemon->https_mem_key; | 567 | key.data = (unsigned char *) daemon->https_mem_key; |
| 544 | key.size = strlen (daemon->https_mem_key); | 568 | key.size = (unsigned int)param1len; |
| 545 | cert.data = (unsigned char *) daemon->https_mem_cert; | 569 | cert.data = (unsigned char *) daemon->https_mem_cert; |
| 546 | cert.size = strlen (daemon->https_mem_cert); | 570 | cert.size = (unsigned int)param2len; |
| 547 | 571 | ||
| 548 | if (NULL != daemon->https_key_password) { | 572 | if (NULL != daemon->https_key_password) { |
| 549 | #if GNUTLS_VERSION_NUMBER >= 0x030111 | 573 | #if GNUTLS_VERSION_NUMBER >= 0x030111 |
| @@ -2224,7 +2248,16 @@ psk_gnutls_adapter (gnutls_session_t session, | |||
| 2224 | free (app_psk); | 2248 | free (app_psk); |
| 2225 | return -1; | 2249 | return -1; |
| 2226 | } | 2250 | } |
| 2227 | key->size = app_psk_size; | 2251 | if (UINT_MAX < app_psk_size) |
| 2252 | { | ||
| 2253 | #ifdef HAVE_MESSAGES | ||
| 2254 | MHD_DLOG (daemon, | ||
| 2255 | _("PSK authentication failed: PSK too long\n")); | ||
| 2256 | #endif | ||
| 2257 | free (app_psk); | ||
| 2258 | return -1; | ||
| 2259 | } | ||
| 2260 | key->size = (unsigned int)app_psk_size; | ||
| 2228 | memcpy (key->data, | 2261 | memcpy (key->data, |
| 2229 | app_psk, | 2262 | app_psk, |
| 2230 | app_psk_size); | 2263 | app_psk_size); |
| @@ -5042,6 +5075,7 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
| 5042 | if (0 != (daemon->options & MHD_USE_TLS)) | 5075 | if (0 != (daemon->options & MHD_USE_TLS)) |
| 5043 | { | 5076 | { |
| 5044 | gnutls_datum_t dhpar; | 5077 | gnutls_datum_t dhpar; |
| 5078 | size_t pstr_len; | ||
| 5045 | 5079 | ||
| 5046 | if (gnutls_dh_params_init (&daemon->https_mem_dhparams) < 0) | 5080 | if (gnutls_dh_params_init (&daemon->https_mem_dhparams) < 0) |
| 5047 | { | 5081 | { |
| @@ -5052,7 +5086,16 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
| 5052 | return MHD_NO; | 5086 | return MHD_NO; |
| 5053 | } | 5087 | } |
| 5054 | dhpar.data = (unsigned char *) pstr; | 5088 | dhpar.data = (unsigned char *) pstr; |
| 5055 | dhpar.size = strlen (pstr); | 5089 | pstr_len = strlen (pstr); |
| 5090 | if (UINT_MAX < pstr_len) | ||
| 5091 | { | ||
| 5092 | #ifdef HAVE_MESSAGES | ||
| 5093 | MHD_DLOG (daemon, | ||
| 5094 | _("Diffie-Hellman parameters string too long\n")); | ||
| 5095 | #endif | ||
| 5096 | return MHD_NO; | ||
| 5097 | } | ||
| 5098 | dhpar.size = (unsigned int) pstr_len; | ||
| 5056 | if (gnutls_dh_params_import_pkcs3 (daemon->https_mem_dhparams, | 5099 | if (gnutls_dh_params_import_pkcs3 (daemon->https_mem_dhparams, |
| 5057 | &dhpar, | 5100 | &dhpar, |
| 5058 | GNUTLS_X509_FMT_PEM) < 0) | 5101 | GNUTLS_X509_FMT_PEM) < 0) |