[FS#4188] libwolfssl can't authenticate ip address ssl certificates

[OpenWrt Bugs]

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Alozxy (Alozxy) 

Attached to Project - OpenWrt/LEDE Project
Summary - libwolfssl can't authenticate ip address ssl certificates
Task Type - Bug Report
Category - Packages
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - openwrt-21.02
Due in Version - Undecided
Due Date - Undecided
Details - Recently I found that the libwolfssl could not authenticate some ip address ssl certificates.A strange thing is that some URLs(like https://1.1.1.1/) can be authenticated successfully, but others cannot(like https://223.5.5.5/),and it just happen on my mt7621 router Xiaomi Redmi AC2100 but cannot be reproduced on ipq4019 router MobiPromo CM520-79F.

And then i dig deeper into the source code and found the bug.

[[https://raw.githubusercontent.com/wolfSSL/wolfssl/v4.8.1-stable/src/internal.c]]

In line 10097,macro **XSNPRINTF** would expand to **snprintf**,and **altName->name[i]** has a char type.
on different platforms,char is not alway unsigned,if **altName->name[i]** is signed char and is larger than 127,it will then be convert into unsigned int incorrectly and print the wrong string.

The problem seems be sloved in wolfssl v5.0 because i saw some changes of relevant code,but the wolfssl in openwrt 21.02 is still v4.8.1-stable.I think maybe we can either upgrade the package or add a path to exist code?


More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=4188

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.