Guard against negative length in BIO, I/O callbacks and PKCS12 PBKDF#10208

Open
ColtonWilley wants to merge 2 commits into wolfSSL:master from ColtonWilley:bio-io-negative-length-checks

Conversation

@ColtonWilley ColtonWilley commented Apr 13, 2026

Summary

  • src/bio.c: Guard against BIO self-referential chain (UAF) and negative nread/nwrite lengths in wolfSSL_BIO_nread/wolfSSL_BIO_nwrite
  • src/wolfio.c: Guard against negative sz in EmbedSend and EmbedReceive
  • wolfcrypt/src/pwdbased.c: Add pLen/sLen/totalLen overflow checks in wc_PKCS12_PBKDF_ex

Note

The PKCS12 parse fix for stale ci->dataSz bounds (zd21568) is covered by #10172 — this PR is complementary to that fix.
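The two classes of check the summary lists, as an added example in C that is not wolfSSL's code: an int length that reaches a size_t conversion unchecked, the guarded form that rejects it first, and overflow-checked sizing of the PKCS#12 PBKDF buffer. It assumes the RFC 7292 Appendix B.2 padding rule (salt and password each padded to a multiple of v = 64 bytes, then concatenated); every function name here is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Unchecked pattern: an int length converted to size_t turns -1 into
 * SIZE_MAX, which would reach memcpy/recv as a huge length. */
static size_t unchecked_len(int sz)
{
    return (size_t)sz;
}

/* Guarded pattern (same idea as the EmbedSend/EmbedReceive sz guards):
 * reject a negative sz before it is converted or used as a size. */
static int guarded_copy(unsigned char* dst, size_t dstCap,
                        const unsigned char* src, int sz)
{
    if (dst == NULL || src == NULL || sz < 0 || (size_t)sz > dstCap)
        return -1; /* treated as an I/O error; nothing is copied */
    memcpy(dst, src, (size_t)sz);
    return sz;
}

/* Wrapper over constructed buffers so the outcome can be checked. */
static int demo_copy(int sz)
{
    unsigned char dst[8];
    const unsigned char src[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    return guarded_copy(dst, sizeof(dst), src, sz);
}

/* PKCS#12 PBKDF (RFC 7292 B.2) pads password and salt each up to a
 * multiple of v = 64 bytes and concatenates them. Size that buffer with
 * overflow checks instead of trusting pLen + sLen; -1 means overflow. */
#define PKCS12_V 64u
static int64_t pkcs12_kdf_total_len(uint32_t pLen, uint32_t sLen)
{
    uint32_t pPad, sPad;
    /* v * ceil(len / v) is computed as (len + v - 1) / v * v, which wraps
     * when len + (v - 1) exceeds UINT32_MAX */
    if (pLen > UINT32_MAX - (PKCS12_V - 1) || sLen > UINT32_MAX - (PKCS12_V - 1))
        return -1;
    pPad = (pLen == 0) ? 0 : (pLen + (PKCS12_V - 1)) / PKCS12_V * PKCS12_V;
    sPad = (sLen == 0) ? 0 : (sLen + (PKCS12_V - 1)) / PKCS12_V * PKCS12_V;
    if (sPad > UINT32_MAX - pPad) /* the concatenation itself would wrap */
        return -1;
    return (int64_t)pPad + sPad;
}
```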

@ColtonWilley ColtonWilley marked this pull request as draft April 13, 2026 21:58
@ColtonWilley ColtonWilley force-pushed the bio-io-negative-length-checks branch from ac1909e to e868939 on April 14, 2026 00:46
@ColtonWilley ColtonWilley changed the title from "Guard against negative length in BIO and I/O callbacks" to "Guard against negative length in BIO, I/O callbacks and PKCS12 PBKDF" Apr 14, 2026
@mattia-moffa mattia-moffa self-assigned this Apr 15, 2026
@mattia-moffa mattia-moffa marked this pull request as ready for review April 23, 2026 15:29
Copilot AI review requested due to automatic review settings April 23, 2026 15:29
Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

github-actions Bot commented Apr 23, 2026

MemBrowse Memory Report

No memory changes detected for:

@mattia-moffa
Jenkins retest this please

ColtonWilley and others added 2 commits April 28, 2026 18:34
- src/bio.c: Add BIO self-cycle UAF guard and negative nread/nwrite checks
- src/wolfio.c: Add negative sz guards to EmbedSend/EmbedReceive
- wolfcrypt/src/pwdbased.c: Add pLen/sLen/totalLen overflow checks in
  wc_PKCS12_PBKDF_ex
@mattia-moffa mattia-moffa force-pushed the bio-io-negative-length-checks branch from e02f23f to bfd8834 on April 28, 2026 16:34
@mattia-moffa
Jenkins retest this please
