Skip to content

Static analysis fixes#892

Open
ejohnstown wants to merge 6 commits intowolfSSL:masterfrom
ejohnstown:static-fixes
Open

Static analysis fixes#892
ejohnstown wants to merge 6 commits intowolfSSL:masterfrom
ejohnstown:static-fixes

Conversation

@ejohnstown
Copy link
Contributor

@ejohnstown ejohnstown commented Mar 10, 2026

Fix some bugs found by the wolfSSL static analyzer:

  • Non-constant-time password hash comparison (F-53)
  • DoIgnore Missing Payload Bounds Validation (F-410)
  • DoUserAuthRequestPassword Missing Bounds Check (F-411)
  • DoServiceRequest Missing Bounds Check (F-524, F-525)
  • PrepareUserAuthRequestEcc Missing Bounds Checks (F-526)
  • Unsigned variable compared < 0 (F-48)

Copilot AI review requested due to automatic review settings March 10, 2026 21:54
Copilot AI reviewed Mar 10, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Addresses several wolfSSL static analyzer findings by hardening bounds checks and making comparisons constant-time.

Changes:

  • Replaced ad-hoc payload skipping/string parsing with GetSkip, GetString, and GetStringRef to add consistent bounds validation.
  • Updated password hash and public key fingerprint comparisons to use constant-time comparison.
  • Simplified unsigned arithmetic to avoid invalid < 0 checks.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
src/wolfterm.c Reworks unsigned math to remove invalid negative check flagged by static analysis.
src/internal.c Uses shared parsing helpers (GetSkip/GetString/GetStringRef) to add bounds checks and reduce manual parsing.
apps/wolfsshd/auth.c Switches to constant-time compares for password hash and CA key fingerprint checks.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

Copilot AI review requested due to automatic review settings March 11, 2026 20:55
@ejohnstown ejohnstown self-assigned this Mar 11, 2026
Copilot AI reviewed Mar 11, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@ejohnstown ejohnstown requested a review from Copilot March 16, 2026 17:17
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@ejohnstown ejohnstown requested a review from Copilot March 16, 2026 18:28
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@ejohnstown
Non-constant-time password hash comparison
801ac07 
In wolfSSHd, the comparisons of the password hash and public keys were
using memcmp(). Changed to use ConstantCompare().

Affected functions: CheckPasswordHashUnix, CheckPublicKeyUnix.
Issue: F-53
@ejohnstown
DoIgnore Missing Payload Bounds Validation
a8ad9f0 
The DoIgnore() function was not bounds checking the ignore message.
Changed it to use the GetSkip() function which does bounds checking and
skips the current blob. Updated GetSkip() to allow 0 length blobs to
skip.

Affected function: DoIgnore.
Issue: F-410
@ejohnstown
DoUserAuthRequestPassword Missing Bounds Check
9cb60cd 
Replace the original message parsing functions with the GetStringRef()
function, which does better bounds checking.

Affected function: DoUserAuthRequestPassword.
Issue: F-411
@ejohnstown ejohnstown requested a review from Copilot March 16, 2026 22:03
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@ejohnstown
DoServiceRequest Missing Bounds Check
6638c01 
Replace the original message parsing functions with the GetString()
function, which does better bounds checking.

Affected functions: DoServiceRequest, DoServiceAccept.
Issue: F-524, F-525
@ejohnstown ejohnstown requested a review from Copilot March 16, 2026 23:26
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@ejohnstown
PrepareUserAuthRequestEcc Missing Bounds Checks
6a3e97d 
For agent ECC public key parsing, replaced parsing the data by hand with
the GetSkip() and GetStringRef() functions which do bounds checking.

Affected function: PrepareUserAuthRequestEcc.
Issue: F-526
@ejohnstown
Unsigned variable compared < 0
331048d 
When filling the screen with spaces, the code was subtracting two
unsigned numbers and checking if they were negative. Changed to use a
comparison and adjust the subtraction as appropriate, then did the rest
of the size expansion. If the second point is before the first, set the
fill length to 0.

Affected function: wolfSSH_ClearScreen.
Issue: F-48
@ejohnstown ejohnstown assigned wolfSSL-Bot and unassigned ejohnstown Mar 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ejohnstown @wolfSSL-Bot