Rationalize snprintf() usage in X.509 modules

This commit is contained in:
Manuel Pégourié-Gonnard 2015-06-22 11:12:02 +02:00
parent 7b6dcbe993
commit 1685368408
6 changed files with 61 additions and 262 deletions

View file

@ -72,7 +72,7 @@
* Name ID Nr of Errors
* PEM 1 9
* PKCS#12 1 4 (Started from top)
* X509 2 18
* X509 2 19
* PKCS5 2 4 (Started from top)
* DHM 3 9
* PK 3 14 (Started from top)

View file

@ -76,6 +76,7 @@
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
/* \} name */
/**
@ -306,6 +307,15 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size );
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if( ret < 0 || (size_t) ret >= n ) \
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
\
n -= (size_t) ret; \
p += (size_t) ret; \
} while( 0 )
#ifdef __cplusplus
}
#endif

View file

@ -662,58 +662,6 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
return( 0 );
}
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
!defined(EFI32)
#include <stdarg.h>
#if !defined vsnprintf
#define vsnprintf _vsnprintf
#endif // vsnprintf
/*
* Windows _snprintf and _vsnprintf are not compatible to linux versions.
* Result value is not size of buffer needed, but -1 if no fit is possible.
*
* This fuction tries to 'fix' this by at least suggesting enlarging the
* size by 20.
*/
static int compat_snprintf( char *str, size_t size, const char *format, ... )
{
va_list ap;
int res = -1;
va_start( ap, format );
res = vsnprintf( str, size, format, ap );
va_end( ap );
// No quick fix possible
if( res < 0 )
return( (int) size + 20 );
return( res );
}
#define snprintf compat_snprintf
#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
#define ERR_BUF_TOO_SMALL -2
#define SAFE_SNPRINTF() \
{ \
if( ret == -1 ) \
return( -1 ); \
\
if( (unsigned int) ret > n ) { \
p[n - 1] = '\0'; \
return( ERR_BUF_TOO_SMALL ); \
} \
\
n -= (unsigned int) ret; \
p += (unsigned int) ret; \
}
/*
* Store the name in printable form into buf; no more
* than size characters will be written
@ -744,7 +692,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
if( name != dn )
{
ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
}
ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
@ -753,7 +701,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
ret = mbedtls_snprintf( p, n, "%s=", short_name );
else
ret = mbedtls_snprintf( p, n, "\?\?=" );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
for( i = 0; i < name->val.len; i++ )
{
@ -767,7 +715,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
}
s[i] = '\0';
ret = mbedtls_snprintf( p, n, "%s", s );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
merge = name->next_merged;
name = name->next;
@ -799,13 +747,13 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
ret = mbedtls_snprintf( p, n, "%02X%s",
serial->p[i], ( i < nr - 1 ) ? ":" : "" );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
}
if( nr != serial->len )
{
ret = mbedtls_snprintf( p, n, "...." );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
}
return( (int) ( size - n ) );
@ -828,7 +776,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s
ret = mbedtls_snprintf( p, n, "???" );
else
ret = mbedtls_snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
@ -845,7 +793,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s
md_info ? mbedtls_md_get_name( md_info ) : "???",
mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
pss_opts->expected_salt_len );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
}
#else
((void) pk_alg);
@ -865,11 +813,8 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
size_t n = buf_size;
int ret;
if( strlen( name ) + sizeof( " key size" ) > buf_size )
return( ERR_BUF_TOO_SMALL );
ret = mbedtls_snprintf( p, n, "%s key size", name );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
return( 0 );
}

View file

@ -569,58 +569,6 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
}
#endif /* MBEDTLS_FS_IO */
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
!defined(EFI32)
#include <stdarg.h>
#if !defined vsnprintf
#define vsnprintf _vsnprintf
#endif // vsnprintf
/*
* Windows _snprintf and _vsnprintf are not compatible to linux versions.
* Result value is not size of buffer needed, but -1 if no fit is possible.
*
* This fuction tries to 'fix' this by at least suggesting enlarging the
* size by 20.
*/
static int compat_snprintf( char *str, size_t size, const char *format, ... )
{
va_list ap;
int res = -1;
va_start( ap, format );
res = vsnprintf( str, size, format, ap );
va_end( ap );
// No quick fix possible
if( res < 0 )
return( (int) size + 20 );
return( res );
}
#define snprintf compat_snprintf
#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
#define ERR_BUF_TOO_SMALL -2
#define SAFE_SNPRINTF() \
{ \
if( ret == -1 ) \
return( -1 ); \
\
if( (unsigned int) ret > n ) { \
p[n - 1] = '\0'; \
return( ERR_BUF_TOO_SMALL ); \
} \
\
n -= (unsigned int) ret; \
p += (unsigned int) ret; \
}
/*
* Return an informational string about the certificate.
*/
@ -642,61 +590,61 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "%sCRL version : %d",
prefix, crl->version );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%sthis update : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crl->this_update.year, crl->this_update.mon,
crl->this_update.day, crl->this_update.hour,
crl->this_update.min, crl->this_update.sec );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%snext update : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crl->next_update.year, crl->next_update.mon,
crl->next_update.day, crl->next_update.hour,
crl->next_update.min, crl->next_update.sec );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
entry = &crl->entry;
ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
while( entry != NULL && entry->raw.len != 0 )
{
ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " revocation date: " \
"%04d-%02d-%02d %02d:%02d:%02d",
entry->revocation_date.year, entry->revocation_date.mon,
entry->revocation_date.day, entry->revocation_date.hour,
entry->revocation_date.min, entry->revocation_date.sec );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
entry = entry->next;
}
ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
crl->sig_opts );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n" );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
return( (int) ( size - n ) );
}

View file

@ -1194,58 +1194,6 @@ cleanup:
}
#endif /* MBEDTLS_FS_IO */
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
!defined(EFI32)
#include <stdarg.h>
#if !defined vsnprintf
#define vsnprintf _vsnprintf
#endif // vsnprintf
/*
* Windows _snprintf and _vsnprintf are not compatible to linux versions.
* Result value is not size of buffer needed, but -1 if no fit is possible.
*
* This fuction tries to 'fix' this by at least suggesting enlarging the
* size by 20.
*/
static int compat_snprintf( char *str, size_t size, const char *format, ... )
{
va_list ap;
int res = -1;
va_start( ap, format );
res = vsnprintf( str, size, format, ap );
va_end( ap );
// No quick fix possible
if( res < 0 )
return( (int) size + 20 );
return( res );
}
#define snprintf compat_snprintf
#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
#define ERR_BUF_TOO_SMALL -2
#define SAFE_SNPRINTF() \
{ \
if( ret == -1 ) \
return( -1 ); \
\
if( (unsigned int) ret > n ) { \
p[n - 1] = '\0'; \
return( ERR_BUF_TOO_SMALL ); \
} \
\
n -= (unsigned int) ret; \
p += (unsigned int) ret; \
}
static int x509_info_subject_alt_name( char **buf, size_t *size,
const mbedtls_x509_sequence *subject_alt_name )
{
@ -1261,7 +1209,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
if( cur->buf.len + sep_len >= n )
{
*p = '\0';
return( ERR_BUF_TOO_SMALL );
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
}
n -= cur->buf.len + sep_len;
@ -1287,7 +1235,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
#define PRINT_ITEM(i) \
{ \
ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
SAFE_SNPRINTF(); \
MBEDTLS_X509_SAFE_SNPRINTF; \
sep = ", "; \
}
@ -1360,7 +1308,7 @@ static int x509_info_ext_key_usage( char **buf, size_t *size,
desc = "???";
ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
sep = ", ";
@ -1391,44 +1339,44 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
prefix, crt->version );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "%sserial number : ",
prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets( p, n, &crt->issuer );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%sissued on : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crt->valid_from.year, crt->valid_from.mon,
crt->valid_from.day, crt->valid_from.hour,
crt->valid_from.min, crt->valid_from.sec );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \
"%04d-%02d-%02d %02d:%02d:%02d", prefix,
crt->valid_to.year, crt->valid_to.mon,
crt->valid_to.day, crt->valid_to.hour,
crt->valid_to.min, crt->valid_to.sec );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
crt->sig_md, crt->sig_opts );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
/* Key size */
if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
@ -1439,7 +1387,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
(int) mbedtls_pk_get_bitlen( &crt->pk ) );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
/*
* Optional extensions
@ -1449,19 +1397,19 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
{
ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
crt->ca_istrue ? "true" : "false" );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
if( crt->max_pathlen > 0 )
{
ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
}
}
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
if( ( ret = x509_info_subject_alt_name( &p, &n,
&crt->subject_alt_names ) ) != 0 )
@ -1471,7 +1419,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
{
ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
return( ret );
@ -1480,7 +1428,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
{
ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
return( ret );
@ -1489,7 +1437,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
{
ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
if( ( ret = x509_info_ext_key_usage( &p, &n,
&crt->ext_key_usage ) ) != 0 )
@ -1497,7 +1445,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
}
ret = mbedtls_snprintf( p, n, "\n" );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
return( (int) ( size - n ) );
}
@ -1545,7 +1493,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
continue;
ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
flags ^= cur->code;
}
@ -1553,7 +1501,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
{
ret = mbedtls_snprintf( p, n, "%sUnknown reason "
"(this should not happen)\n", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
}
return( (int) ( size - n ) );

View file

@ -327,58 +327,6 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
}
#endif /* MBEDTLS_FS_IO */
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
!defined(EFI32)
#include <stdarg.h>
#if !defined vsnprintf
#define vsnprintf _vsnprintf
#endif // vsnprintf
/*
* Windows _snprintf and _vsnprintf are not compatible to linux versions.
* Result value is not size of buffer needed, but -1 if no fit is possible.
*
* This fuction tries to 'fix' this by at least suggesting enlarging the
* size by 20.
*/
static int compat_snprintf( char *str, size_t size, const char *format, ... )
{
va_list ap;
int res = -1;
va_start( ap, format );
res = vsnprintf( str, size, format, ap );
va_end( ap );
// No quick fix possible
if( res < 0 )
return( (int) size + 20 );
return( res );
}
#define snprintf compat_snprintf
#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
#define ERR_BUF_TOO_SMALL -2
#define SAFE_SNPRINTF() \
{ \
if( ret == -1 ) \
return( -1 ); \
\
if( (unsigned int) ret > n ) { \
p[n - 1] = '\0'; \
return( ERR_BUF_TOO_SMALL ); \
} \
\
n -= (unsigned int) ret; \
p += (unsigned int) ret; \
}
#define BEFORE_COLON 14
#define BC "14"
/*
@ -397,19 +345,19 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "%sCSR version : %d",
prefix, csr->version );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
csr->sig_opts );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
@ -419,7 +367,7 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
(int) mbedtls_pk_get_bitlen( &csr->pk ) );
SAFE_SNPRINTF();
MBEDTLS_X509_SAFE_SNPRINTF;
return( (int) ( size - n ) );
}