Fix string compare functions

Author: padelsbach

.github/workflows/test-units.yml

@@ -10,6 +10,14 @@ jobs:
   unit_tests:
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        mode:
+          - name: normal
+            make_args: ""
+          - name: asan
+            make_args: "ASAN=1"
 
     steps:
       - uses: actions/checkout@v4
@@ -23,10 +31,12 @@ jobs:
         run: |
           make keysclean && make -C tools/keytools clean && rm -f include/target.h
 
-      - name: Build unit tests
+      - name: Build unit tests (${{ matrix.mode.name }})
         run: |
-          make -C tools/unit-tests
+          make -C tools/unit-tests ${{ matrix.mode.make_args }}
 
-      - name: Run unit tests
+      - name: Run unit tests (${{ matrix.mode.name }})
+        env:
+          ASAN_OPTIONS: abort_on_error=1:detect_leaks=1
         run: |
-          make -C tools/unit-tests run
+          make -C tools/unit-tests ${{ matrix.mode.make_args }} run

src/libwolfboot.c

@@ -861,51 +861,74 @@ void RAMFUNCTION wolfBoot_success(void)
  */
 uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr)
 {
-    uint8_t *p = haystack;
+    uint8_t *p;
     uint16_t len, htype;
-    const volatile uint8_t *max_p = (haystack - IMAGE_HEADER_OFFSET) +
-                                                    IMAGE_HEADER_SIZE;
+    uintptr_t p_addr, max_addr;
+
     *ptr = NULL;
-    if (p > max_p) {
+
+    if (haystack == NULL) {
+        unit_dbg("Illegal address (NULL)\n");
+        return 0;
+    }
+
+    p_addr = (uintptr_t)haystack;
+    if (p_addr < IMAGE_HEADER_OFFSET) {
+        unit_dbg("Illegal address (too low)\n");
+        return 0;
+    }
+
+    max_addr = p_addr - IMAGE_HEADER_OFFSET;
+    if (max_addr > (UINTPTR_MAX - IMAGE_HEADER_SIZE)) {
+        unit_dbg("Illegal address (overflow)\n");
+        return 0;
+    }
+    max_addr += IMAGE_HEADER_SIZE;
+
+    if (p_addr > max_addr) {
         unit_dbg("Illegal address (too high)\n");
         return 0;
     }
-    while ((p + 4) < max_p) {
+
+    while (p_addr < max_addr) {
+        if ((max_addr - p_addr) < 4U) {
+            break;
+        }
+        p = (uint8_t *)p_addr;
         htype = p[0] | (p[1] << 8);
         if (htype == 0) {
             unit_dbg("Explicit end of options reached\n");
             break;
         }
         /* skip unaligned half-words and padding bytes */
-        if ((p[0] == HDR_PADDING) || ((((size_t)p) & 0x01) != 0)) {
-            p++;
+        if ((p[0] == HDR_PADDING) || ((p_addr & 0x01U) != 0U)) {
+            p_addr++;
             continue;
         }
 
         len = p[2] | (p[3] << 8);
         /* check len */
-        if ((4 + len) > (uint16_t)(IMAGE_HEADER_SIZE - IMAGE_HEADER_OFFSET)) {
+        if ((4U + len) > (uint16_t)(IMAGE_HEADER_SIZE - IMAGE_HEADER_OFFSET)) {
             unit_dbg("This field is too large (bigger than the space available "
                      "in the current header)\n");
-            unit_dbg("%d %d %d\n", len, IMAGE_HEADER_SIZE, IMAGE_HEADER_OFFSET);
+            unit_dbg("%u %u %u\n", (unsigned int)len,
+                     (unsigned int)IMAGE_HEADER_SIZE,
+                     (unsigned int)IMAGE_HEADER_OFFSET);
             break;
         }
         /* check max pointer */
-        if (p + 4 + len > max_p) {
+        if ((max_addr - p_addr) < (uintptr_t)(4U + len)) {
             unit_dbg("This field is too large and would overflow the image "
                      "header\n");
             break;
         }
 
-        /* skip header [type|len] */
-        p += 4;
-
         if (htype == type) {
             /* found, return pointer to data portion */
-            *ptr = p;
+            *ptr = (uint8_t *)(p_addr + 4U);
             return len;
         }
-        p += len;
+        p_addr += (uintptr_t)(4U + len);
     }
     return 0;
 }

src/string.c

@@ -105,54 +105,41 @@ char *strcat(char *dest, const char *src)
 
 int strcmp(const char *s1, const char *s2)
 {
-    int diff = 0;
-
-    while (!diff && *s1) {
-        diff = (int)*s1 - (int)*s2;
-        s1++;
-        s2++;
+    while (*s1 && *s2) {
+        int c1 = ((unsigned char)*s1++);
+        int c2 = ((unsigned char)*s2++);
+        if (c1 != c2)
+            return c1 - c2;
     }
-
-    return diff;
+    return ((unsigned char)*s1) - ((unsigned char)*s2);
 }
 #endif /* Renesas CCRX */
 
 int strcasecmp(const char *s1, const char *s2)
 {
-    int diff = 0;
-
-    while (!diff && *s1) {
-        diff = (int)*s1 - (int)*s2;
-
-        if (((diff == 'A' - 'a') || (diff == 'a' - 'A')) &&
-                (isalpha((unsigned char)*s1) && isalpha((unsigned char)*s2)))
-            diff = 0;
-
-        s1++;
-        s2++;
+    while (*s1 && *s2) {
+        int c1 = tolower((unsigned char)*s1++);
+        int c2 = tolower((unsigned char)*s2++);
+        if (c1 != c2)
+            return c1 - c2;
     }
-
-    return diff;
+    return tolower((unsigned char)*s1) - tolower((unsigned char)*s2);
 }
 
 int strncasecmp(const char *s1, const char *s2, size_t n)
 {
-    int diff = 0;
-    size_t i = 0;
-
-    while (!diff && *s1) {
-        diff = (int)*s1 - (int)*s2;
+    if (n == 0)
+        return 0;
 
-        if (((diff == 'A' - 'a') || (diff == 'a' - 'A')) &&
-                (isalpha((unsigned char)*s1) && isalpha((unsigned char)*s2)))
-            diff = 0;
-
-        s1++;
-        s2++;
-        if (++i >= n)
-            break;
+    while (n--) {
+        int c1 = tolower((unsigned char)*s1++);
+        int c2 = tolower((unsigned char)*s2++);
+        if (c1 != c2)
+            return c1 - c2;
+        if (c1 == '\0')
+            return 0;
     }
-    return diff;
+    return 0;
 }
 
 #if !defined(__CCRX__) /* Renesas CCRX */
@@ -202,7 +189,7 @@ char *strcpy(char *dst, const char *src)
 {
    size_t i = 0;
 
-    while(1) {
+    while (1) {
         dst[i] = src[i];
         if (src[i] == '\0')
             break;

tools/unit-tests/Makefile

@@ -22,6 +22,12 @@ CFLAGS+=-DUNIT_TEST -DWOLFSSL_USER_SETTINGS
 LDFLAGS+=-fprofile-arcs
 LDFLAGS+=-ftest-coverage
 
+ASAN?=0
+ifeq ($(ASAN),1)
+	CFLAGS+=-fsanitize=address -fno-omit-frame-pointer -O1
+	LDFLAGS+=-fsanitize=address
+endif
+
 
 
 
@@ -33,6 +39,12 @@ TESTS:=unit-parser unit-extflash unit-string unit-spi-flash unit-aes128 \
 
 all: $(TESTS)
 
+asan:
+	$(MAKE) ASAN=1 all
+
+asan-run:
+	$(MAKE) ASAN=1 run
+
 cov:
 	gcovr -f "^\.\.\/\.\.\/src.*\.c" -r ../.. --verbose \
 		--merge-mode-functions merge-use-line-0 \
@@ -73,6 +85,7 @@ unit-update-flash:CFLAGS+=-DMOCK_PARTITIONS -DWOLFBOOT_NO_SIGN -DUNIT_TEST_AUTH
 unit-update-ram:CFLAGS+=-DMOCK_PARTITIONS -DWOLFBOOT_NO_SIGN -DUNIT_TEST_AUTH \
 	-DWOLFBOOT_HASH_SHA256 -DPRINTF_ENABLED -DEXT_FLASH -DPART_UPDATE_EXT \
 	-DPART_SWAP_EXT -DPART_BOOT_EXT -DWOLFBOOT_DUALBOOT -DNO_XIP
+unit-string:CFLAGS+=-fno-builtin
 
 
 WOLFCRYPT_CFLAGS+=-DWOLFBOOT_SIGN_ECC256 -DWOLFBOOT_SIGN_ECC256 -DHAVE_ECC_KEY_IMPORT -D__WOLFBOOT
@@ -175,4 +188,4 @@ covclean:
 clean: covclean
 	rm -f $(TESTS) *.o *.gcno *.gcda coverage.*
 
-.PHONY: FORCE
+.PHONY: FORCE asan asan-run

tools/unit-tests/unit-disk

@@ -81,7 +81,8 @@ START_TEST (test_nvm_update_with_encryption)
     wolfBoot_erase_partition(PART_SWAP);
     ck_assert(erased_swap == 1);
     for (i = 0; i < WOLFBOOT_SECTOR_SIZE; i+=4) {
-        uint32_t *word = ((uint32_t *)((uintptr_t)WOLFBOOT_PARTITION_SWAP_ADDRESS + i));
+        uint32_t *word = (uint32_t *)unit_mock_flash_ptr(
+                (uintptr_t)WOLFBOOT_PARTITION_SWAP_ADDRESS + (uintptr_t)i);
         ck_assert(*word == 0xFFFFFFFF);
     }
 

tools/unit-tests/unit-enc-nvm.c

@@ -341,7 +341,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 
 START_TEST(test_verify_signature)
 {
-    uint8_t pubkey[32];
+    uint8_t sig[ECC_IMAGE_SIGNATURE_SIZE] = {0};
     struct wolfBoot_image test_img;
 
     test_img.part = PART_UPDATE;
@@ -352,13 +352,13 @@ START_TEST(test_verify_signature)
     ck_assert_int_eq(verify_called, 0);
 
     ecc_init_fail = 1;
-    wolfBoot_verify_signature_ecc(0, NULL, pubkey);
+    wolfBoot_verify_signature_ecc(0, NULL, sig);
     ck_assert_int_eq(verify_called, 0);
 
     ecc_init_fail = 0;
     verify_called = 0;
     ecc_import_fail = 1;
-    wolfBoot_verify_signature_ecc(0, NULL, pubkey);
+    wolfBoot_verify_signature_ecc(0, NULL, sig);
     ck_assert_int_eq(verify_called, 0);
 
     ecc_init_fail = 0;
@@ -368,7 +368,7 @@ START_TEST(test_verify_signature)
     ext_flash_erase(0, 2 * WOLFBOOT_SECTOR_SIZE);
     ext_flash_write(0, test_img_v200000000_signed_bin,
             test_img_len);
-    wolfBoot_verify_signature_ecc(0, &test_img, pubkey);
+    wolfBoot_verify_signature_ecc(0, &test_img, sig);
     ck_assert_int_eq(verify_called, 1);
 }
 END_TEST