[sr-dev] git:master:5f26491e: tls_wolfssl: cert serial number can exceed uint64

Module: kamailio Branch: master Commit: 5f26491e288092629fcd508b9acefe6edf175845 URL: https://github.com/kamailio/kamailio/commit/5f26491e288092629fcd508b9acefe6e...

Author: S-P Chan shihping.chan@gmail.com Committer: S-P Chan shihping.chan@gmail.com Date: 2022-07-04T19:48:54+08:00

tls_wolfssl: cert serial number can exceed uint64

- GH #3168

---

Modified: src/modules/tls_wolfssl/tls_select.c

---

Diff: https://github.com/kamailio/kamailio/commit/5f26491e288092629fcd508b9acefe6e... Patch: https://github.com/kamailio/kamailio/commit/5f26491e288092629fcd508b9acefe6e...

---

diff --git a/src/modules/tls_wolfssl/tls_select.c b/src/modules/tls_wolfssl/tls_select.c index 0cb2d59c36..b61c7c2a59 100644 --- a/src/modules/tls_wolfssl/tls_select.c +++ b/src/modules/tls_wolfssl/tls_select.c @@ -632,24 +632,32 @@ static int pv_validity(sip_msg_t* msg, pv_param_t* param, pv_value_t* res) }

-static int get_sn(str* res, int* ires, int local, sip_msg_t* msg) +static int get_sn(str* res, int local, sip_msg_t* msg) { - static char buf[INT2STR_MAX_LEN]; + static char buf[80]; // > log(2^256,10) X509* cert; struct tcp_connection* c; - char* sn; - int num; + char* sn = NULL; + WOLFSSL_BIGNUM* bn = NULL;

if (get_cert(&cert, &c, msg, local) < 0) return -1;

- num = ASN1_INTEGER_get(X509_get_serialNumber(cert)); - sn = int2str(num, &res->len); + if(!(bn = wolfSSL_BN_new())) goto error; + if (!wolfSSL_ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), bn)) goto error; + if (!(sn = wolfSSL_BN_bn2dec(bn)) || strlen(sn) > 80) goto error; + res->len = strlen(sn); memcpy(buf, sn, res->len); res->s = buf; - if (ires) *ires = num; + if (!local) X509_free(cert); tcpconn_put(c); + wolfSSL_OPENSSL_free(sn); + wolfSSL_BN_free(bn); return 0; + error: + if (sn) wolfSSL_OPENSSL_free(sn); + if (bn) wolfSSL_BN_free(bn); + return -1; }

static int sel_sn(str* res, select_t* s, sip_msg_t* msg) @@ -664,7 +672,7 @@ static int sel_sn(str* res, select_t* s, sip_msg_t* msg) return -1; }

- return get_sn(res, NULL, local, msg); + return get_sn(res, local, msg); }

@@ -681,11 +689,11 @@ static int pv_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res) return pv_get_null(msg, param, res); } - if (get_sn(&res->rs, &res->ri, local, msg) < 0) { + if (get_sn(&res->rs, local, msg) < 0) { return pv_get_null(msg, param, res); } - res->flags = PV_VAL_STR | PV_VAL_INT; + res->flags = PV_VAL_STR; return 0; }