Add checking in SHE response handlers#391
Conversation
|
|
||
| resp = (whMessageShe_SetUidResponse*)wh_CommClient_GetDataPtr(c->comm); | ||
| ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp); | ||
| if (ret == WH_ERROR_OK) { |
There was a problem hiding this comment.
Could macro'ize this, but not sure if that's more readable
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #391
Scan targets checked: wolfhsm-core-bugs, wolfhsm-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
padelsbach
force-pushed
the
she-response-checking
branch
from
d367077 to
8616f78
Compare
| if (group != WH_MESSAGE_GROUP_SHE || | ||
| action != WH_SHE_SET_UID || |
There was a problem hiding this comment.
all these group and action checks are redundant, as they are handled in the comm layer. Otherwise every single client response check would need these.
Also, do you think the size check could be pushed down to the comm layer somehow in a uniform way, perhaps via same mechanism as #389 and #388? Currently these would need to be done inline everywhere.
Note we dont care THAT much about this fuzzing style stuff - currently the threat model is such that transports are trusted. If someone can modify data in your transport, all bets are off. So temped to just not do the infinite bikeshedding around input sanitation that fenrir keeps pointing out....
3 participants
Check for group, action and len in SHE response handlers. Found with experimental fuzzing.