Fix i2d behavior for i2d_SSL_SESSION #1966

Merged (1 commit) on Nov 8, 2024

samuel40791765
Contributor

Issues:

Addresses CryptoAlg-2700

Description of changes:

i2d_SSL_SESSION wasn't exactly following the correct behavior of the legacy i2d functions when pp is non-NULL, but *pp is NULL. This caused issues with functions expecting a newly allocated buffer when calling i2d_SSL_SESSION with the recommended documented behavior. See i2d_SAMPLE for more details.

// If |outp| is non-NULL but |*outp| is NULL, the function sets |*outp| to a
// newly-allocated buffer containing the result. The caller is responsible for
// releasing |*outp| with |OPENSSL_free|. This mode is recommended for most
// callers.
//
// If |outp| and |*outp| are non-NULL, the function writes the result to
// |*outp|, which must have enough space available, and advances |*outp| just
// past the output.
//
// WARNING: In the third mode, the function does not internally check output
// bounds. Failing to correctly size the buffer will result in a potentially
// exploitable memory error.
int i2d_SAMPLE(const SAMPLE *in, uint8_t **outp);

Call-outs:

N/A

Testing:

New test below usage of i2d_SSL_SESSION to verify the behavior.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
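
The i2d calling convention the description refers to, as an added example that is not part of this pull request or the project's code: `TOY`, `i2d_TOY`, `kSampleToy` and the two `demo_*` callers are hypothetical, and `malloc`/`free` stand in for `OPENSSL_malloc`/`OPENSSL_free`. It also covers the size-only mode (`outp` is NULL), which the quoted comment excerpt leaves out.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: up to 32 bytes, encoded as a DER OCTET STRING
 * (tag 0x04, one length byte, then the contents). */
typedef struct { uint8_t data[32]; size_t len; } TOY;
static const TOY kSampleToy = {{'a', 'b', 'c'}, 3}; /* constructed input */

/* Legacy i2d convention. Returns the encoded length, or -1 on error. */
int i2d_TOY(const TOY *in, uint8_t **outp) {
  if (in == NULL || in->len > sizeof(in->data)) return -1;
  int total = (int)in->len + 2;
  if (outp == NULL) return total;        /* outp NULL: size query only */
  uint8_t *buf = *outp;
  if (buf == NULL) {                     /* *outp NULL: allocate the result */
    buf = malloc((size_t)total);         /* stand-in for OPENSSL_malloc */
    if (buf == NULL) return -1;
  }
  buf[0] = 0x04;
  buf[1] = (uint8_t)in->len;
  memcpy(buf + 2, in->data, in->len);
  if (*outp == NULL) *outp = buf;        /* caller owns it; not advanced */
  else *outp += total;                   /* caller buffer: move past output */
  return total;
}

/* Caller, allocate mode: start from NULL, take ownership, free. */
int demo_alloc_mode(const TOY *t) {
  uint8_t *der = NULL;
  int n = i2d_TOY(t, &der);
  int ok = n > 0 && der != NULL && der[0] == 0x04 && der[1] == t->len;
  free(der);                             /* OPENSSL_free in the real API */
  return ok ? n : -1;
}

/* Caller, own-buffer mode: size with the NULL query first (no bounds check). */
int demo_caller_buffer(const TOY *t) {
  int need = i2d_TOY(t, NULL);
  if (need < 0) return -1;
  uint8_t *buf = malloc((size_t)need), *p = buf;
  if (buf == NULL) return -1;
  int n = i2d_TOY(t, &p);
  int advanced = (int)(p - buf);         /* cursor moved past the output */
  free(buf);
  return n == need ? advanced : -1;
}

int main(void) { return demo_alloc_mode(&kSampleToy) == 5 ? 0 : 1; }
```

A caller that relies on the allocate mode must initialise its pointer to NULL before the call; an uninitialised or stale pointer selects the unchecked own-buffer mode instead.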

@samuel40791765 samuel40791765 requested a review from a team as a code owner November 5, 2024 02:29

codecov-commenter commented Nov 5, 2024

Codecov Report

Attention: Patch coverage is 87.50000% with 1 line in your changes missing coverage. Please review.

Project coverage is 78.75%. Comparing base (48a4057) to head (86a2f57).
Report is 2 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ssl/ssl_asn1.cc | 80.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1966      +/-   ##
==========================================
+ Coverage   78.73%   78.75%   +0.02%     
==========================================
  Files         590      590              
  Lines      101428   101476      +48     
  Branches    14384    14394      +10     
==========================================
+ Hits        79856    79916      +60     
+ Misses      20935    20924      -11     
+ Partials      637      636       -1     


@samuel40791765 samuel40791765 merged commit df6b7cd into aws:main Nov 8, 2024
115 of 116 checks passed
@samuel40791765 samuel40791765 deleted the ssl-i2d-fix branch November 8, 2024 19:46