forked from Mbed-TLS/mbedtls
Merge pull request ARMmbed#3176 from aggarg/development #11
Merged: fengjixuchui merged 100 commits into fengjixuchui:development from Mbed-TLS:development on Apr 21, 2020
In ssl_parse_hello_verify_request, we print cookie_len bytes without checking that there are that many bytes left in ssl->in_msg. This could potentially log data outside the received message (not a big deal) and could potentially read from memory outside of the receive buffer (which would be a remotely exploitable crash).
In ssl_parse_hello_verify_request, we read 3 bytes (version and cookie length) without checking that there are that many bytes left in ssl->in_msg. This could potentially read from memory outside of the ssl->receive buffer (which would be a remotely exploitable crash).
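The two checks these commit messages describe, shown as an added stand-alone example (not the Mbed TLS code): a parser for a DTLS HelloVerifyRequest body that verifies the remaining length before reading the 3-byte header and again before touching the cookie. The names `hvr_parse`, `hvr_t` and the `HVR_*` constants are hypothetical, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HVR_OK            0
#define HVR_DECODE_ERROR (-1)

/* Hypothetical result type for this example. */
typedef struct {
    uint8_t major, minor;   /* server_version */
    uint8_t cookie_len;
    uint8_t cookie[255];    /* length field is one byte, so 255 is the maximum */
} hvr_t;

/* body: HelloVerifyRequest body, body_len: bytes actually received for it.
 * Layout: server_version (2) | cookie length (1) | cookie (cookie length). */
int hvr_parse(const uint8_t *body, size_t body_len, hvr_t *out)
{
    size_t left = body_len;

    /* Check before reading version and cookie length. */
    if (left < 3)
        return HVR_DECODE_ERROR;
    out->major = body[0];
    out->minor = body[1];
    out->cookie_len = body[2];
    left -= 3;

    /* Check before touching (or logging) the cookie bytes. */
    if (left < out->cookie_len)
        return HVR_DECODE_ERROR;
    memcpy(out->cookie, body + 3, out->cookie_len);
    return HVR_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t hvr_good[]      = { 0xFE, 0xFD, 0x04, 0xAA, 0xBB, 0xCC, 0xDD };
static const uint8_t hvr_short_hdr[] = { 0xFE, 0xFD };
static const uint8_t hvr_bad_len[]   = { 0xFE, 0xFD, 0x20, 0xAA, 0xBB, 0xCC, 0xDD };

int main(void)
{
    hvr_t h;
    int ok = hvr_parse(hvr_good, sizeof hvr_good, &h) == HVR_OK
          && hvr_parse(hvr_short_hdr, sizeof hvr_short_hdr, &h) == HVR_DECODE_ERROR
          && hvr_parse(hvr_bad_len, sizeof hvr_bad_len, &h) == HVR_DECODE_ERROR;
    return ok ? 0 : 1;
}
```

The third sample advertises a 0x20-byte cookie with only four bytes following, which is the case where an unchecked print or copy would run past the received message.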
On some systems, such as Ubuntu up to 19.04, `pylint` is for Python 2 and `pylint3` is for Python 3, so we should not use `pylint` even if it's available. Use the Python module instead of the trivial shell wrapper. This way we can make sure to use the correct Python version. Fix #3111 Signed-off-by: Gilles Peskine <[email protected]>
check_python_files was optional in all.sh because we used to have CI machines where pylint wasn't available. But this had the downside that check_python_files kept breaking because it wasn't checked in the CI. Now our CI has pylint and check_python_files should not be optional. Signed-off-by: Gilles Peskine <[email protected]>
Don't use a function argument as a for loop variable. It worked (mostly) but Pylint frowns on it (redefined-argument-from-local) and I think Pylint has a point. If the configuration file is not found, raise an exception mentioning the search path rather than just its last element. Signed-off-by: Gilles Peskine <[email protected]>
Rather than sometimes returning an integer, sometimes a boolean and sometimes implicitly returning None, always return 0 for success and 1 for failure. No behavior change for the program as a whole, since the None/True/False values were implicitly converted to the desired numerical value. Signed-off-by: Gilles Peskine <[email protected]>
Allow the perfectly reasonable idiom if condition1: return value1 else: return value2 Signed-off-by: Gilles Peskine <[email protected]>
Pylint warns about things like ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``. This is of minor utility (mainly a performance gain when there are many messages that use formatting and are below the log level). Some versions of Pylint (including 1.8, which is the version on Ubuntu 18.04) only recognize old-style format strings using '%', and complain about something like ``log.info('{}', foo)`` with logging-too-many-args (Pylint supports new-style formatting if declared globally with logging_format_style under [LOGGING] but this requires Pylint >=2.2). Disable this warning to remain compatible with Pylint 1.8 and not have to change abi_check.py to use %-formats instead of {}-formats when logging. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Guilhem Bryant <[email protected]>
Signed-off-by: Guilhem Bryant <[email protected]>
Signed-off-by: Guilhem Bryant <[email protected]>
Signed-off-by: Guilhem Bryant <[email protected]>
See the comments in the code for how an attack would go, and the ChangeLog entry for an impact assessment. (For ECDSA, leaking a few bits of the scalar over several signatures translates to full private key recovery using a lattice attack.) Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Guilhem Bryant <[email protected]>
Signed-off-by: Guilhem Bryant <[email protected]>
To test a file name exactly, prepend a / to the base name. files_to_check actually checks suffixes, not file names, so rename it to extensions_to_check. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Check Windows files for some issues, including permissions. Omit the checks related to special characters (whitespace, line endings, encoding) as appropriate. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Guilhem Bryant <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Use CRLF consistently instead of cobbling a \r here and a \n there. The generated files don't change. Signed-off-by: Gilles Peskine <[email protected]>
Don't mix Windows and Unix line endings, it's the worst of both worlds. Update the Visual Studio templates and regenerate the generated files. Signed-off-by: Gilles Peskine <[email protected]>
Adding .function was necessary, as otherwise ctags would have no idea what to do with those files. Adding .h may not be necessary, as by default ctags considers them C++ which is probably good enough, but since we're tuning the mapping anyway... Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Fix potential buffer overflow when tracking the unmet dependencies of a test case. The identifiers of unmet dependencies are stored in an array of fixed size. Ensure that we don't overrun the array. Signed-off-by: Ronald Cron <[email protected]>
The identifiers of the unmet dependencies of a test case are stored in a buffer of fixed size that can be potentially too small to store all the unmet dependencies. Indicate in test reports if some unmet dependencies are missing. Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Piotr Nowicki <[email protected]>
Clarify and simplify PSK
Signed-off-by: Piotr Nowicki <[email protected]>
Signed-off-by: Piotr Nowicki <[email protected]>
Signed-off-by: Piotr Nowicki <[email protected]>
Signed-off-by: Piotr Nowicki <[email protected]>
Required: MBEDTLS_X509_CRT_PARSE_C MBEDTLS_ERROR_C Signed-off-by: Piotr Nowicki <[email protected]>
Merge 2.22.0 release to development
When parsing a certificate with the basic constraints extension the max_pathlen that was read from it was incremented regardless of its value. However, if the max_pathlen is equal to INT_MAX (which is highly unlikely), an undefined behaviour would occur. This commit adds a check to ensure that such value is not accepted as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced. Certificates added in this commit were generated using the test_suite_x509write, function test_x509_crt_check. Input data taken from the "Certificate write check Server1 SHA1" test case, so the generated files are like the "server1.crt", but with the "is_ca" field set to 1 and max_pathlen as described by the file name. Signed-off-by: Andrzej Kurek <[email protected]>
Signed-off-by: Piotr Nowicki <[email protected]>
Add program for deserializing from base64 code
Guard from undefined behaviour in case of an INT_MAX max_pathlen
…er-overflow-fix Unmet dependencies buffer overflow fix
Also update its value while at it. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
A file generated based on the output of `make list` from programs has been re-generated. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Piotr Nowicki <[email protected]>
Signed-off-by: Piotr Nowicki <[email protected]>
…elopment Pass Pylint up to 2.4
Improve formatting of lists in Makefile, CMakeLists.txt and .gitignore
Fix arithmetic overflow in benchmark
Check Windows files for sanity as well
…-in-suites Add lower bound check to function index lookup
Saving the serialized context to a file
Signed-off-by: Gilles Peskine <[email protected]>
1. The functions mbedtls_high_level_strerr and mbedtls_low_level_strerr accept any error code and extract the high-level and low-level parts respectively. 2. Documentation updates. Signed-off-by: Gaurav Aggarwal <[email protected]>
…_checks Re-generate a file
Add support for const error description strings