diff --git a/src/conf.c b/src/conf.c index ad7d88f29f6..d63e26e57a0 100644 --- a/src/conf.c +++ b/src/conf.c @@ -90,7 +90,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) char** fieldPtr = NULL; int fieldPtrIdx = 0; char* fieldCheckIdx = NULL; - lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx)); + lineEnd = XSTRNSTR(idx, "\n", (size_t)(bufEnd - idx)); if (!lineEnd) lineEnd = bufEnd; if (idx == lineEnd) /* empty line */ @@ -852,11 +852,11 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) idx = buf; bufEnd = buf + bufLen; while (idx < bufEnd) { - char* lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx)); + char* lineEnd = XSTRNSTR(idx, "\n", (size_t)(bufEnd - idx)); char* maxIdx; if (!lineEnd) lineEnd = bufEnd; /* Last line in file */ - maxIdx = XSTRNSTR(idx, "#", (unsigned int)(lineEnd - idx)); + maxIdx = XSTRNSTR(idx, "#", (size_t)(lineEnd - idx)); if (!maxIdx) maxIdx = lineEnd; line++; diff --git a/src/ssl_load.c b/src/ssl_load.c index 0a0fb9e467c..87e9a0b0b93 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -2677,21 +2677,21 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, /* Look for CA header and footer - same as CERT_TYPE. */ if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) { + (XSTRNSTR((char*)content.buffer, header, sz) != NULL)) { type = CA_TYPE; WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CA_TYPE = %d:", type); } #ifdef HAVE_CRL /* Look for CRL header and footer. */ else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) { + (XSTRNSTR((char*)content.buffer, header, sz) != NULL)) { type = CRL_TYPE; WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CRL_TYPE = %d:", type); } #endif /* Look for cert header and footer - same as CA_TYPE. */ else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)content.buffer, header, (word32)sz) != + (XSTRNSTR((char*)content.buffer, header, sz) != NULL)) { type = CERT_TYPE; WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CERT_TYPE = %d:", type); diff --git a/src/x509.c b/src/x509.c index 46dfd38ed43..9900ea5f24f 100644 --- a/src/x509.c +++ b/src/x509.c @@ -8348,7 +8348,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, do { /* get PEM header and footer based on type */ if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && - XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { + XSTRNSTR((char*)curr, header, sz) != NULL) { #ifdef HAVE_CRL WOLFSSL_CERT_MANAGER* cm = lookup->store->cm; @@ -8365,15 +8365,15 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, if (ret != WOLFSSL_SUCCESS) goto end; #endif - curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); + curr = (byte*)XSTRNSTR((char*)curr, footer, sz); } else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && - XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { + XSTRNSTR((char*)curr, header, sz) != NULL) { ret = X509StoreLoadCertBuffer(lookup->store, curr, (word32)sz, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) goto end; - curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); + curr = (byte*)XSTRNSTR((char*)curr, footer, sz); } else goto end; @@ -13765,13 +13765,12 @@ int wolfSSL_write_X509_CRL(WOLFSSL_X509_CRL* crl, const char* path, int type) while (i < l && wolfSSL_BIO_read(bio, &pem[i], 1) == 1) { i++; if (!header) { - header = XSTRNSTR(pem, "-----BEGIN ", (unsigned int)i); + header = XSTRNSTR(pem, "-----BEGIN ", i); } else if (!headerEnd) { headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----BEGIN "), "-----", - (unsigned int) - (i - (header + XSTR_SIZEOF("-----BEGIN ") - pem))); + i - (header + XSTR_SIZEOF("-----BEGIN ") - pem)); if (headerEnd) { headerEnd += XSTR_SIZEOF("-----"); /* Read in the newline */ @@ -13788,12 +13787,12 @@ int wolfSSL_write_X509_CRL(WOLFSSL_X509_CRL* crl, const char* path, int type) } else if (!footer) { footer = XSTRNSTR(headerEnd, "-----END ", - (unsigned int)(i - (headerEnd - pem))); + i - (headerEnd - pem)); } else if (!footerEnd) { footerEnd = XSTRNSTR(footer + XSTR_SIZEOF("-----"), - "-----", (unsigned int)(i - - (footer + XSTR_SIZEOF("-----") - pem))); + "-----", + i - (footer + XSTR_SIZEOF("-----") - pem)); if (footerEnd) { footerEnd += XSTR_SIZEOF("-----"); /* Now check that footer matches header */ diff --git a/src/x509_str.c b/src/x509_str.c index 90113caede2..a7bb93dbb80 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1737,7 +1737,7 @@ static int X509StoreReadFile(const char *fname, #ifdef HAVE_CRL /* Look for CRL header and footer. */ if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && - (XSTRNSTR((char*)content->buffer, header, (word32)sz) != + (XSTRNSTR((char*)content->buffer, header, sz) != NULL)) { *type = CRL_TYPE; } diff --git a/tests/api/test_wolfmath.c b/tests/api/test_wolfmath.c index ebe19b73874..4c86856dd42 100644 --- a/tests/api/test_wolfmath.c +++ b/tests/api/test_wolfmath.c @@ -70,6 +70,11 @@ int test_mp_get_digit(void) ExpectIntEQ(mp_get_digit(NULL, n), 0); ExpectIntEQ(mp_get_digit(&a, n), 0); + /* negative index must return 0, not index out of bounds */ + ExpectIntEQ(mp_get_digit(&a, -1), 0); + ExpectIntEQ(mp_get_digit(&a, -100), 0); + ExpectIntEQ(mp_get_digit(NULL, -1), 0); + mp_clear(&a); #endif return EXPECT_RESULT(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b095b5c204e..f231aef0764 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -24072,8 +24072,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type, #endif /* WOLFSSL_ENCRYPTED_KEYS */ /* find footer */ - footerEnd = XSTRNSTR(headerEnd, footer, (unsigned int)((const char*)buff + - sz - headerEnd)); + footerEnd = XSTRNSTR(headerEnd, footer, + (size_t)((const char*)buff + sz - headerEnd)); if (!footerEnd) { if (info) info->consumed = longSz; /* No more certs if no footer */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 92283abdfe7..ba740423ea6 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -4265,9 +4265,9 @@ time_t stm32_hal_time(time_t *t1) #if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \ defined(USE_WOLF_STRNSTR) -char* wolfSSL_strnstr(const char* s1, const char* s2, unsigned int n) +char* wolfSSL_strnstr(const char* s1, const char* s2, size_t n) { - unsigned int s2_len = (unsigned int)XSTRLEN(s2); + size_t s2_len = XSTRLEN(s2); if (s2_len == 0) return (char *)(wc_ptr_t)s1; diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c index e0990fdf4ea..20258001b90 100644 --- a/wolfcrypt/src/wolfmath.c +++ b/wolfcrypt/src/wolfmath.c @@ -98,10 +98,10 @@ int mp_get_digit_count(const mp_int* a) mp_digit mp_get_digit(const mp_int* a, int n) { - if (a == NULL) + if (a == NULL || n < 0) return 0; - return (n < 0 || (unsigned int)n >= (unsigned int)a->used) ? 0 : a->dp[n]; + return ((unsigned int)n >= (unsigned int)a->used) ? 0 : a->dp[n]; } #if defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index ade6b6c1da8..9c595f2b0c9 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1727,7 +1727,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \ defined(USE_WOLF_STRNSTR) - WOLFSSL_TEST_VIS char* wolfSSL_strnstr(const char* s1, const char* s2, unsigned int n); + #include /* for size_t */ + WOLFSSL_TEST_VIS char* wolfSSL_strnstr(const char* s1, const char* s2, size_t n); #endif #ifndef FILE_BUFFER_SIZE