From ddb9a8673f3476a0a7190bf4870ce5dae4b8415f Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Mon, 23 Dec 2024 23:26:51 -0800
Subject: [PATCH] fix for check on number of objects when free'ing and add test case
---
 .github/workflows/haproxy.yml | 91 +++++++++++++++++++++++++++++++++++
 src/x509_str.c | 10 ++--
 2 files changed, 96 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/haproxy.yml
diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml
new file mode 100644
index 0000000000..fa1ac5bef8
--- /dev/null
+++ b/.github/workflows/haproxy.yml
@@ -0,0 +1,91 @@
+name: haproxy Test
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfssl:
+ name: Build wolfSSL
+ if: github.repository_owner == 'wolfssl'
+ runs-on: ubuntu-22.04
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 4
+ steps:
+ - name: Build wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ path: wolfssl
+ configure: --enable-haproxy
+ install: true
+
+ - name: tar build-dir
+ run: tar -zcf build-dir.tgz build-dir
+
+ - name: Upload built lib
+ uses: actions/upload-artifact@v4
+ with:
+ name: wolf-install-haproxy
+ path: build-dir.tgz
+ retention-days: 5
+
+ test_haproxy:
+ name: ${{ matrix.haproxy_ref }}
+ if: github.repository_owner == 'wolfssl'
+ runs-on: ubuntu-22.04
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 15
+ needs: build_wolfssl
+ strategy:
+ fail-fast: false
+ matrix:
+ haproxy_ref: [ 'v3.1.0' ]
+ steps:
+ - name: Install test dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install libpcre2-dev
+
+ - name: Download lib
+ uses: actions/download-artifact@v4
+ with:
+ name: wolf-install-haproxy
+
+ - name: untar build-dir
+ run: tar -xf build-dir.tgz
+
+ # check cache for haproxy if not there then download it
+ - name: Check haproxy cache
+ uses: actions/cache@v4
+ id: cache-haproxy
+ with:
+ path: build-dir/haproxy-${{matrix.haproxy_ref}}
+ key: haproxy-${{matrix.haproxy_ref}}
+
+ - name: Download haproxy if needed
+ if: steps.cache-haproxy.outputs.cache-hit != 'true'
+ uses: actions/checkout@v3
+ with:
+ repository: haproxy/haproxy
+ ref: ${{matrix.haproxy_ref}}
+ path: build-dir/haproxy-${{matrix.haproxy_ref}}
+
+ - name: Build haproxy
+ working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+ run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
+
+ - name: Build haproxy vtest
+ working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+ run: ./scripts/build-vtest.sh
+
+ - name: Test haproxy
+ working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+ run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*
diff --git a/src/x509_str.c b/src/x509_str.c
index ce8f0e28ea..007bdd8e74 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
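Review bot: The new haproxy workflow declares no `permissions:` block, so both jobs run with the repository's default `GITHUB_TOKEN` scope although they only build, cache and exchange artifacts; a top-level `permissions:` with `contents: read` beside the `concurrency:` block would restrict that. The `uses:` entries (`wolfSSL/actions-build-autotools-project@v1`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`, `actions/cache@v4`, `actions/checkout@v3`) reference mutable tags, so pinning each to a full commit SHA would keep a retagged action from changing what runs on `push`. `actions/checkout@v3` is also an older major than the current v4 and could be bumped at the same time.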
@@ -1154,8 +1154,11 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
 WOLFSSL_X509_OBJECT *obj = NULL;
 int cnt = store->numAdded;
+ /* -1 here because it is later used as an index value into the object stack.
+ * With there being the chance that the only object in the stack is one from
+ * the numAdded to the store >= is used when comparing to 0. */
 i = wolfSSL_sk_X509_OBJECT_num(objs) - 1;
- while (cnt > 0 && i > 0) {
+ while (cnt > 0 && i >= 0) {
 /* The inner X509 is owned by somebody else, NULL out the reference */
 obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i);
 if (obj != NULL) {
@@ -1913,10 +1916,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 if (ret != NULL)
 X509StoreFreeObjList(store, ret);
 if (cert_stack != NULL) {
- while (store->numAdded > 0) {
- wolfSSL_sk_X509_pop(cert_stack);
- store->numAdded--;
- }
+ store->numAdded = 0;
 wolfSSL_sk_X509_pop_free(cert_stack, NULL);
 }
 return NULL;
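Review bot: The new comment above `i = wolfSSL_sk_X509_OBJECT_num(objs) - 1;` is hard to parse and does not say what `i > 0` got wrong: the entry at index 0 was never visited, so its inner X509 reference was not NULLed out (presumably leaving it to be released twice, which is what the ASan haproxy job would catch). A wording such as `/* Start at the last index and walk down; >= 0 so index 0 is also cleared when it holds one of the numAdded certs. */` states that directly. The only test added is the external haproxy run, so a small unit test in the library's own suite that frees a store whose object stack holds a single added cert would pin the index-0 case without depending on haproxy v3.1.0. The body of X509StoreFreeObjList starts and ends outside this hunk, so how `cnt` and `i` are decremented is not visible here.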
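Review bot: With the pop loop removed, `wolfSSL_sk_X509_pop_free(cert_stack, NULL)` now runs over every entry of `cert_stack`, including the `numAdded` ones that the old code took off the stack first. If those entries are borrowed from the store rather than holding their own reference (the push side is outside this hunk, so this is inferred), this error path would release them a second time. A comment above `store->numAdded = 0;` recording the ownership would make the path auditable, for example `/* cert_stack entries each hold their own reference here, so pop_free releases all of them */`, adjusted to whatever actually holds. The body of wolfSSL_X509_STORE_get0_objects begins outside the hunk.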