Skip to content

Fix TLSX_EchChangeSNI to check hostname termination#10182

Merged
SparkiDev merged 1 commit into
wolfSSL:masterfrom
embhorn:zd21576
Apr 15, 2026
Merged

Fix TLSX_EchChangeSNI to check hostname termination#10182
SparkiDev merged 1 commit into
wolfSSL:masterfrom
embhorn:zd21576

Conversation

@embhorn

@embhorn embhorn commented Apr 9, 2026

Copy link
Copy Markdown
Member

Description

Add NUL to terminate hostname string

Fixes zd21576

Testing

Added TLSX_EchChangeSNI

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@embhorn embhorn self-assigned this Apr 9, 2026
Copilot AI review requested due to automatic review settings April 9, 2026 20:15
Copilot AI reviewed Apr 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR addresses a crash/overflow risk in ECH SNI handling by ensuring truncated hostnames are NUL-terminated, and adds a regression test to prevent reintroducing the issue.

Changes:

  • Ensure the hostname buffer is NUL-terminated when truncating in TLSX_EchChangeSNI.
  • Add a regression test that uses an overlong inner SNI hostname to exercise truncation and confirm no crash.
  • Register the new test in the API test suite.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
src/tls.c Adds NUL termination to the truncated SNI hostname buffer to prevent out-of-bounds reads in TLSX_EchRestoreSNI.
tests/api.c Adds and registers a regression test that sets an overlong SNI to exercise the truncation path during ECH handshake.
Comments suppressed due to low confidence (1)

tests/api.c:1

  • The PR description’s “Testing” section says “Added TLSX_EchChangeSNI”, but the actual addition is a regression test test_wolfSSL_Tls13_ECH_long_SNI. Please update the PR description to reflect the real test name (and/or what test coverage was added) so it’s easier to track in CI and future triage.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/tls.c
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 13, 2026
View reviewed changes

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10182

Scan targets checked: wolfssl-bugs, wolfssl-compliance, wolfssl-consttime, wolfssl-defaults, wolfssl-mutation, wolfssl-proptest, wolfssl-src, wolfssl-zeroize

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread src/tls.c
@embhorn

embhorn commented Apr 14, 2026

Copy link
Copy Markdown
Member Author

Jenkins retest this please

@embhorn embhorn assigned wolfSSL-Bot and unassigned embhorn Apr 14, 2026
SparkiDev
SparkiDev requested changes Apr 14, 2026
View reviewed changes
Comment thread src/tls.c
@embhorn embhorn requested a review from SparkiDev April 15, 2026 13:14
@embhorn embhorn removed their assignment Apr 15, 2026
@SparkiDev SparkiDev merged commit 6be03a5 into wolfSSL:master Apr 15, 2026
409 checks passed
douzzer added a commit to douzzer/wolfssl that referenced this pull request Apr 16, 2026
@douzzer
src/tls.c, wolfssl/ssl.h, tests/api.c: followup to ff7a32d (wolfSSL#1…
801c412 
…0182):

* Fix OOB heap reads via TLSX_ExtractEch() by preemptively rejecting oversized
  SNI names in TLSX_UseSNI().

* In TLSX_EchChangeSNI(), don't attempt to truncate if an oversized name is
  seen, just return error.

* Move definition of WOLFSSL_HOST_NAME_MAX to an ungated context in ssl.h, and
  use it consistently in tls.c, eliminating the duplicative
  WOLFSSL_HOST_NAME_MAX.
@douzzer douzzer mentioned this pull request Apr 16, 2026
Merged
@embhorn embhorn deleted the zd21576 branch April 24, 2026 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments
@SparkiDev SparkiDev SparkiDev approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@embhorn @SparkiDev @wolfSSL-Fenrir-bot @wolfSSL-Bot