In wolfSSHd, the comparisons of the password hash and public keys were using memcmp(). Changed to use ConstantCompare(). Affected functions: CheckPasswordHashUnix, CheckPublicKeyUnix. Issue: F-53
The DoIgnore() function was not bounds checking the ignore message. Changed it to use the GetSkip() function which does bounds checking and skips the current blob. Affected function: DoIgnore. Issue: F-410
Replace the original message parsing functions with the GetStringRef() function, which does better bounds checking. Affected function: DoUserAuthRequestPassword. Issue: F-411
Pull request overview
Addresses several wolfSSL static analyzer findings by hardening bounds checks and making comparisons constant-time.
Changes:
- Replaced ad-hoc payload skipping/string parsing with GetSkip, GetString, and GetStringRef to add consistent bounds validation.
- Updated password hash and public key fingerprint comparisons to use constant-time comparison.
- Simplified unsigned arithmetic to avoid invalid < 0 checks.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/wolfterm.c | Reworks unsigned math to remove invalid negative check flagged by static analysis. |
| src/internal.c | Uses shared parsing helpers (GetSkip/GetString/GetStringRef) to add bounds checks and reduce manual parsing. |
| apps/wolfsshd/auth.c | Switches to constant-time compares for password hash and CA key fingerprint checks. |
Replace the original message parsing functions with the GetString() function, which does better bounds checking. Affected functions: DoServiceRequest, DoServiceAccept. Issue: F-524, F-525
For agent ECC public key parsing, replaced parsing the data by hand with the GetSkip() and GetStringRef() functions which do bounds checking. Affected function: PrepareUserAuthRequestEcc. Issue: F-526
When filling the screen with spaces, the code was subtracting two unsigned numbers and checking if they were negative. Changed to use a comparison and adjust the subtraction as appropriate, then did the rest of the size expansion. Affected function: wolfSSH_ClearScreen. Issue: F-48
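The bounds-checked parsing that the DoIgnore, DoUserAuthRequestPassword, DoServiceRequest/DoServiceAccept and PrepareUserAuthRequestEcc commits describe, shown as an added example that is not wolfSSH code. The `ex_` names, error codes and sample payload are assumptions constructed here; the functions only mirror the roles the commit messages give GetSkip() and GetStringRef() for an SSH string (uint32 length followed by that many bytes).

```c
#include <stdint.h>

/* Hypothetical names and error codes for this example, not wolfSSH's. */
enum { EX_OK = 0, EX_BUFFER_E = -1 };

/* Read a big-endian uint32 at *idx and advance *idx on success. */
static int ex_get_u32(uint32_t *out, const uint8_t *buf, uint32_t len,
                      uint32_t *idx)
{
    /* Test the remaining space; computing *idx + 4 could wrap around. */
    if (*idx > len || len - *idx < 4)
        return EX_BUFFER_E;
    *out = ((uint32_t)buf[*idx] << 24) | ((uint32_t)buf[*idx + 1] << 16) |
           ((uint32_t)buf[*idx + 2] << 8) | (uint32_t)buf[*idx + 3];
    *idx += 4;
    return EX_OK;
}

/* Borrow a pointer and length to the SSH string at *idx without copying. */
int ex_get_string_ref(const uint8_t **str, uint32_t *strSz,
                      const uint8_t *buf, uint32_t len, uint32_t *idx)
{
    uint32_t pos = *idx, sz;
    if (ex_get_u32(&sz, buf, len, &pos) != EX_OK)
        return EX_BUFFER_E;
    if (sz > len - pos)      /* pos <= len holds here, so no underflow */
        return EX_BUFFER_E;
    *str = buf + pos;
    *strSz = sz;
    *idx = pos + sz;         /* commit the index only after every check */
    return EX_OK;
}

/* Skip one SSH string, as an ignore-message handler needs to. */
int ex_get_skip(const uint8_t *buf, uint32_t len, uint32_t *idx)
{
    const uint8_t *unused;
    uint32_t unusedSz;
    return ex_get_string_ref(&unused, &unusedSz, buf, len, idx);
}

/* Constructed sample: the string "ssh-userauth", then a string whose
 * length field (0xFFFFFFF0) claims far more data than the buffer holds. */
static const uint8_t ex_payload[] = {
    0, 0, 0, 12, 's', 's', 'h', '-', 'u', 's', 'e', 'r', 'a', 'u', 't', 'h',
    0xFF, 0xFF, 0xFF, 0xF0, 'x', 'y'
};
```

Because the index is written back only on success, a rejected message leaves the parser state where it was, which keeps error handling in the caller simple.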
5458927 to
a66e564
Fix some bugs found by the wolfSSL static analyzer: