
Add negative-count and NULL checks to group-setting and shared-cipher APIs#10249

Draft
ColtonWilley wants to merge 1 commit into wolfSSL:master from ColtonWilley:pr15-tls-config-bounds

Conversation

@ColtonWilley
Contributor

  • wolfSSL_CTX_set_groups / wolfSSL_set_groups: add count < 0 to
    entry guard — negative count passes the upper-bound check and truncates
    to a garbage numGroups byte, causing OOB read during SSL init
  • wolfSSL_CTX_set1_groups / wolfSSL_set1_groups: widen count == 0
    to count <= 0 and add NULL groups check
  • wolfSSL_get_shared_ciphers: add NULL checks for buf and
    wolfSSL_get_cipher_name_iana return value

…d cipher APIs

Add count < 0 validation to wolfSSL_CTX_set_groups and wolfSSL_set_groups
(src/tls.c) to prevent negative count from bypassing the upper-bound check
and corrupting numGroups via byte truncation.

Widen count == 0 to count <= 0 and add NULL groups check in
wolfSSL_CTX_set1_groups and wolfSSL_set1_groups (src/ssl.c).

Add NULL buf and NULL cipher checks in wolfSSL_get_shared_ciphers to
prevent NULL pointer dereference.
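As an added example, not code from this PR or from wolfSSL, the following C model shows the failure the description above points at (a negative count slipping past an upper-bound-only check and being stored into a one-byte count) next to the guarded form, plus an analogue of the NULL checks listed for the shared-cipher string. Everything in it is assumed for illustration: the group_ctx struct, the MAX_GROUP_COUNT value of 10, the function names set_groups_before, set_groups_after, oob_reads_on_walk and join_cipher_names, and the constructed sample inputs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for a context's group list: a fixed array plus a
 * one-byte count, mirroring the "numGroups byte" the PR description
 * mentions. The limit of 10 and every name below are assumptions for
 * this example, not wolfSSL's definitions. */
#define MAX_GROUP_COUNT 10

typedef struct {
    int groups[MAX_GROUP_COUNT];
    unsigned char numGroups;     /* (unsigned char)-1 == 255 */
} group_ctx;

/* Pre-fix shape of the entry guard: only the upper bound is checked.
 * Returns 1 on success, 0 on rejection. */
int set_groups_before(group_ctx* ctx, const int* groups, int count)
{
    int i;
    if (ctx == NULL || groups == NULL || count > MAX_GROUP_COUNT)
        return 0;                    /* -1 is not > 10, so it passes */
    for (i = 0; i < count; i++)      /* zero iterations when count < 0 */
        ctx->groups[i] = groups[i];
    ctx->numGroups = (unsigned char)count;   /* -1 is stored as 255 */
    return 1;
}

/* Post-fix shape: negative counts are rejected before the byte store. */
int set_groups_after(group_ctx* ctx, const int* groups, int count)
{
    int i;
    if (ctx == NULL || groups == NULL || count < 0 || count > MAX_GROUP_COUNT)
        return 0;
    for (i = 0; i < count; i++)
        ctx->groups[i] = groups[i];
    ctx->numGroups = (unsigned char)count;
    return 1;
}

/* A later consumer walks numGroups entries of groups[]. This returns how
 * many of those indices fall outside the array, i.e. how many reads would
 * be out of bounds, without performing any of them. */
int oob_reads_on_walk(const group_ctx* ctx)
{
    if (ctx->numGroups <= MAX_GROUP_COUNT)
        return 0;
    return ctx->numGroups - MAX_GROUP_COUNT;
}

/* Assumed analogue of building a colon-separated shared-cipher string from
 * per-suite name lookups, where a lookup may yield NULL for an unknown
 * suite. Returns bytes written (excluding the terminator), or -1 when buf
 * is NULL or too small. A NULL name is skipped instead of reaching strlen(). */
int join_cipher_names(char* buf, int len, const char* const* names, int n)
{
    int i, used = 0;
    if (buf == NULL || len <= 0 || names == NULL)
        return -1;
    buf[0] = '\0';
    for (i = 0; i < n; i++) {
        int l;
        if (names[i] == NULL)
            continue;
        l = (int)strlen(names[i]);
        if (used + (used ? 1 : 0) + l + 1 > len)
            return -1;
        if (used)
            buf[used++] = ':';
        memcpy(buf + used, names[i], (size_t)l + 1);
        used += l;
    }
    return used;
}

/* Constructed sample inputs for the demonstration. */
static const int sample_groups[3] = { 23, 24, 29 };
static const char* const sample_names[3] = {
    "TLS_AES_128_GCM_SHA256", NULL, "TLS_AES_256_GCM_SHA384"
};

int main(void)
{
    group_ctx ctx;
    char buf[64];
    int ok, n;

    memset(&ctx, 0, sizeof ctx);
    ok = set_groups_before(&ctx, sample_groups, -1);
    printf("before: accepted=%d numGroups=%u oob_reads=%d\n",
           ok, ctx.numGroups, oob_reads_on_walk(&ctx));

    memset(&ctx, 0, sizeof ctx);
    ok = set_groups_after(&ctx, sample_groups, -1);
    printf("after:  accepted=%d numGroups=%u\n", ok, ctx.numGroups);

    n = join_cipher_names(buf, (int)sizeof buf, sample_names, 3);
    printf("ciphers: %d bytes \"%s\"\n", n, buf);
    printf("NULL buf: %d\n", join_cipher_names(NULL, 64, sample_names, 3));
    return 0;
}
```

The point of the model is the order of operations: the copy loop is harmless for a negative count because it never runs, so the damage is entirely in the narrowing store that follows it, and the consumer that trusts the stored byte is what performs the out-of-bounds reads.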
@github-actions

MemBrowse Memory Report

No memory changes detected for:
