ssl: avoid undefined behavior in wolfSSL_sk_pop_free
Don't use a type-specific free function through the generic `void (*)(void*)`
pointer.
rizlik committed Oct 3, 2024
1 parent a70ba08 commit 89e6cf9
Showing 1 changed file with 88 additions and 89 deletions.
177 changes: 88 additions & 89 deletions src/ssl.c
Expand Up @@ -16993,105 +16993,104 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
func = (wolfSSL_sk_freefunc)wolfSSL_ACCESS_DESCRIPTION_free;
}
#endif
if (func == NULL) {
switch(sk->type) {
case STACK_TYPE_ACCESS_DESCRIPTION:
#if defined(OPENSSL_ALL)
func = (wolfSSL_sk_freefunc)wolfSSL_ACCESS_DESCRIPTION_free;
#endif
break;
case STACK_TYPE_X509:
func = (wolfSSL_sk_freefunc)wolfSSL_X509_free;
break;
case STACK_TYPE_X509_OBJ:
#ifdef OPENSSL_ALL
func = (wolfSSL_sk_freefunc)wolfSSL_X509_OBJECT_free;
#endif
break;
case STACK_TYPE_OBJ:
func = (wolfSSL_sk_freefunc)wolfSSL_ASN1_OBJECT_free;
break;
case STACK_TYPE_DIST_POINT:
#ifdef OPENSSL_EXTRA
func = (wolfSSL_sk_freefunc)wolfSSL_DIST_POINT_free;
#endif
break;
case STACK_TYPE_GEN_NAME:
func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_NAME_free;
break;
case STACK_TYPE_STRING:
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
func = (wolfSSL_sk_freefunc)wolfSSL_WOLFSSL_STRING_free;
#endif
break;
case STACK_TYPE_X509_NAME:
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
func = (wolfSSL_sk_freefunc)wolfSSL_X509_NAME_free;
#endif
break;
case STACK_TYPE_X509_NAME_ENTRY:
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
func = (wolfSSL_sk_freefunc)wolfSSL_X509_NAME_ENTRY_free;
#endif
break;
case STACK_TYPE_X509_EXT:
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
func = (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free;
#endif
break;
case STACK_TYPE_X509_REQ_ATTR:
#if defined(OPENSSL_ALL) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ))
func = (wolfSSL_sk_freefunc)wolfSSL_X509_ATTRIBUTE_free;
#endif
break;
case STACK_TYPE_CONF_VALUE:
#if defined(OPENSSL_ALL)
func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free;
#endif
break;
case STACK_TYPE_X509_INFO:
#if defined(OPENSSL_ALL)
func = (wolfSSL_sk_freefunc)wolfSSL_X509_INFO_free;
#endif
break;
case STACK_TYPE_BIO:
while (sk != NULL) {
WOLFSSL_STACK* next = sk->next;

if (func == NULL) {
switch(sk->type) {
case STACK_TYPE_ACCESS_DESCRIPTION:
#if defined(OPENSSL_ALL)
wolfSSL_ACCESS_DESCRIPTION_free((WOLFSSL_ACCESS_DESCRIPTION*)sk->data.generic);
#endif
break;
case STACK_TYPE_X509:
wolfSSL_X509_free((WOLFSSL_X509*)sk->data.generic);
break;
case STACK_TYPE_X509_OBJ:
#ifdef OPENSSL_ALL
wolfSSL_X509_OBJECT_free((WOLFSSL_X509_OBJECT*)sk->data.generic);
#endif
break;
case STACK_TYPE_OBJ:
wolfSSL_ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT*)sk->data.generic);
break;
case STACK_TYPE_DIST_POINT:
#ifdef OPENSSL_EXTRA
wolfSSL_DIST_POINT_free((WOLFSSL_DIST_POINT*)sk->data.generic);
#endif
break;
case STACK_TYPE_GEN_NAME:
wolfSSL_GENERAL_NAME_free((WOLFSSL_GENERAL_NAME*)sk->data.generic);
break;
case STACK_TYPE_STRING:
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
wolfSSL_WOLFSSL_STRING_free((WOLFSSL_STRING)sk->data.generic);
#endif
break;
case STACK_TYPE_X509_NAME:
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)sk->data.generic);
#endif
break;
case STACK_TYPE_X509_NAME_ENTRY:
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_ENTRY_free((WOLFSSL_X509_NAME_ENTRY*)sk->data.generic);
#endif
break;
case STACK_TYPE_X509_EXT:
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
wolfSSL_X509_EXTENSION_free((WOLFSSL_X509_EXTENSION*)sk->data.generic);
#endif
break;
case STACK_TYPE_X509_REQ_ATTR:
#if defined(OPENSSL_ALL) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ))
wolfSSL_X509_ATTRIBUTE_free((WOLFSSL_X509_ATTRIBUTE*)sk->data.generic);
#endif
break;
case STACK_TYPE_CONF_VALUE:
#if defined(OPENSSL_ALL)
wolfSSL_X509V3_conf_free((WOLFSSL_CONF_VALUE*)sk->data.generic);
#endif
break;
case STACK_TYPE_X509_INFO:
#if defined(OPENSSL_ALL)
wolfSSL_X509_INFO_free((WOLFSSL_X509_INFO*)sk->data.generic);
#endif
break;
case STACK_TYPE_BIO:
#if !defined(NO_BIO) && defined(OPENSSL_EXTRA)
func = (wolfSSL_sk_freefunc)wolfSSL_BIO_vfree;
wolfSSL_BIO_vfree((WOLFSSL_BIO*)sk->data.generic);
#endif
break;
case STACK_TYPE_BY_DIR_entry:
break;
case STACK_TYPE_BY_DIR_entry:
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_entry_free;
wolfSSL_BY_DIR_entry_free((WOLFSSL_BY_DIR_entry*)sk->data.generic);
#endif
break;
case STACK_TYPE_BY_DIR_hash:
break;
case STACK_TYPE_BY_DIR_hash:
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_HASH_free;
wolfSSL_BY_DIR_HASH_free((WOLFSSL_BY_DIR_HASH*)sk->data.generic);
#endif
break;
case STACK_TYPE_X509_CRL:
break;
case STACK_TYPE_X509_CRL:
#if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
func = (wolfSSL_sk_freefunc)wolfSSL_X509_CRL_free;
wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)sk->data.generic);
#endif
break;
case STACK_TYPE_CIPHER:
case STACK_TYPE_NULL:
default:
break;
break;
case STACK_TYPE_CIPHER:
case STACK_TYPE_NULL:
default:
break;
}
}
}

while (sk != NULL) {
WOLFSSL_STACK* next = sk->next;

if (func != NULL) {
if (sk->type != STACK_TYPE_CIPHER)
func(sk->data.generic);
else if (sk->type != STACK_TYPE_CIPHER) {
func(sk->data.generic);
}

XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
sk = next;
}
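Review bot: The context lines just above the rewritten loop still contain `func = (wolfSSL_sk_freefunc)wolfSSL_ACCESS_DESCRIPTION_free;`, so on that path the new `else if (sk->type != STACK_TYPE_CIPHER) { func(sk->data.generic); }` branch keeps calling a type-specific free function through the generic `void (*)(void*)` pointer, which is the undefined behavior this commit removes from the switch. Builds hardened with indirect-call type checking (for example clang's `-fsanitize=function` or `-fsanitize=cfi-icall`) would presumably still trap there. Replacing that assignment with `func = NULL;` would route the element through the typed `case STACK_TYPE_ACCESS_DESCRIPTION:` call instead, provided that case is compiled in under the same configuration; the guard around the assignment and the start of wolfSSL_sk_pop_free are outside the hunk, so this needs confirming against the full function.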
