Fenrir High Fixes #250

Open: aidankeefe2022 wants to merge 1 commit into wolfSSL:main from aidankeefe2022:fenrir-fixes
@aidankeefe2022 aidankeefe2022 commented Jun 11, 2026

F-4829 fixed possibility of overflow https://fenrir.wolfssl.com/finding/4829

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Fenrir Automated Review — PR #250

Scan targets checked: wolfclu-bugs, wolfclu-src

No new issues found in the changed files. ✅

@cconlon cconlon requested a review from Copilot June 11, 2026 21:24

Copilot AI left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Addresses two Fenrir findings by hardening certificate signing behavior and preventing integer overflow in SCGI request parsing.

Changes:

  • Prevents potential integer overflow when validating SCGI contentLength against the remaining buffer space.
  • Avoids silent success when certificate signing cannot proceed due to an invalid/unsupported signing method.
  • Adjusts CA key handling in wolfCLU_CertSignSetCA, including freeing previous keys and handling unsupported key types.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/x509/clu_x509_sign.c | Tightens signing failure handling and updates CA key ownership/freeing behavior. |
| src/tools/clu_scgi.c | Fixes potential overflow in SCGI content-length bounds checking. |

Comment thread src/x509/clu_x509_sign.c
Comment thread src/x509/clu_x509_sign.c Outdated
Comment thread src/tools/clu_scgi.c Outdated
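
The overflow class named in the review overview above (validating an SCGI content length against the remaining buffer space), shown as an added example that is not taken from this PR or from wolfCLU. All function names, parameter names and the use of `uint32_t` for lengths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helpers, not wolfCLU code. Lengths are assumed uint32_t. */

/* Naive check, kept for contrast: bodyOff + contentLength can wrap past
 * UINT32_MAX, so a huge declared length appears to fit. */
int body_fits_naive(uint32_t bufSz, uint32_t bodyOff, uint32_t contentLength)
{
    return (uint32_t)(bodyOff + contentLength) <= bufSz;
}

/* Overflow-safe check: validate the offset first, then compare the length
 * with the space that remains. No addition, so nothing can wrap. */
int body_fits_safe(uint32_t bufSz, uint32_t bodyOff, uint32_t contentLength)
{
    if (bodyOff > bufSz)
        return 0;
    return contentLength <= bufSz - bodyOff;
}

/* Parse a decimal CONTENT_LENGTH value. Rejects empty input, non-digits
 * (including a sign) and values above UINT32_MAX. Returns 0 on success. */
int parse_content_length(const char *s, uint32_t *out)
{
    uint32_t v = 0;
    if (s == NULL || out == NULL || *s == '\0')
        return -1;
    for (; *s != '\0'; s++) {
        uint32_t d;
        if (*s < '0' || *s > '9')
            return -1;
        d = (uint32_t)(*s - '0');
        if (v > (UINT32_MAX - d) / 10)
            return -1; /* v * 10 + d would wrap */
        v = v * 10 + d;
    }
    *out = v;
    return 0;
}

/* Returns 1 only if the declared body length parses and fits the buffer. */
int scgi_body_ok(const char *clen, uint32_t bufSz, uint32_t bodyOff)
{
    uint32_t n;
    if (parse_content_length(clen, &n) != 0)
        return 0;
    return body_fits_safe(bufSz, bodyOff, n);
}
```

With a constructed 4096-byte buffer and a body offset of 64, a declared length of 4294967280 passes the naive check because the sum wraps to 48, while the subtraction form rejects it.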

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Fenrir Automated Review — PR #250

Scan targets checked: wolfclu-bugs, wolfclu-src

No new issues found in the changed files. ✅

Copilot AI left a comment

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

Comment thread tests/ocsp-scgi/ocsp-scgi-test.py Outdated
Comment thread tests/ocsp-scgi/ocsp-scgi-test.py
Comment thread src/tools/clu_scgi.c Outdated
Comment thread src/tools/clu_scgi.c Outdated
removed fix in x509_sign.c due to upcoming mldsa implementation

added test to make sure content len is caught

added guard at top of function so we can be sure all checks will catch bad behavior

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Fenrir Automated Review — PR #250

Scan targets checked: wolfclu-bugs, wolfclu-src

No new issues found in the changed files. ✅
