git:master:5f26491e: tls_wolfssl: cert serial number can exceed uint64 - sr-dev

4 Jul 2022

Module: kamailio
Branch: master
Commit: 5f26491e288092629fcd508b9acefe6edf175845
URL: https://github.com/kamailio/kamailio/commit/5f26491e288092629fcd508b9acefe6…

Author: S-P Chan &lt;shihping.chan(a)gmail.com&gt;
Committer: S-P Chan &lt;shihping.chan(a)gmail.com&gt;
Date: 2022-07-04T19:48:54+08:00

tls_wolfssl: cert serial number can exceed uint64

- GH #3168

---

Modified: src/modules/tls_wolfssl/tls_select.c

---

Diff: 
https://github.com/kamailio/kamailio/commit/5f26491e288092629fcd508b9acefe6…
Patch:
https://github.com/kamailio/kamailio/commit/5f26491e288092629fcd508b9acefe6…

---

diff --git a/src/modules/tls_wolfssl/tls_select.c b/src/modules/tls_wolfssl/tls_select.c
index 0cb2d59c36..b61c7c2a59 100644
--- a/src/modules/tls_wolfssl/tls_select.c
+++ b/src/modules/tls_wolfssl/tls_select.c
@@ -632,24 +632,32 @@ static int pv_validity(sip_msg_t* msg, pv_param_t* param,
pv_value_t* res)
 }
 
 
-static int get_sn(str* res, int* ires, int local, sip_msg_t* msg)
+static int get_sn(str* res, int local, sip_msg_t* msg)
 {
-	static char buf[INT2STR_MAX_LEN];
+	static char buf[80]; // > log(2^256,10)
 	X509* cert;
 	struct tcp_connection* c;
-	char* sn;
-	int num;
+	char* sn = NULL;
+	WOLFSSL_BIGNUM* bn = NULL;
 
 	if (get_cert(&cert, &c, msg, local) < 0) return -1;
 
-	num = ASN1_INTEGER_get(X509_get_serialNumber(cert));
-	sn = int2str(num, &res->len);
+	if(!(bn = wolfSSL_BN_new())) goto error;
+	if (!wolfSSL_ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), bn)) goto error;
+	if (!(sn = wolfSSL_BN_bn2dec(bn)) || strlen(sn) > 80) goto error;
+	res->len = strlen(sn);
 	memcpy(buf, sn, res->len);
 	res->s = buf;
-	if (ires) *ires = num;
+
 	if (!local) X509_free(cert);
 	tcpconn_put(c);
+	wolfSSL_OPENSSL_free(sn);
+	wolfSSL_BN_free(bn);
 	return 0;
+ error:
+	if (sn) wolfSSL_OPENSSL_free(sn);
+	if (bn) wolfSSL_BN_free(bn);
+	return -1;
 }
 
 static int sel_sn(str* res, select_t* s, sip_msg_t* msg)
@@ -664,7 +672,7 @@ static int sel_sn(str* res, select_t* s, sip_msg_t* msg)
 		return -1;
 	}
 
-	return get_sn(res, NULL, local, msg);
+	return get_sn(res, local, msg);
 }
 
 
@@ -681,11 +689,11 @@ static int pv_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t*
res)
 		return pv_get_null(msg, param, res);
 	}
 	
-	if (get_sn(&res->rs, &res->ri, local, msg) < 0) {
+	if (get_sn(&res->rs, local, msg) < 0) {
 		return pv_get_null(msg, param, res);
 	}
 	
-	res->flags = PV_VAL_STR | PV_VAL_INT;
+	res->flags = PV_VAL_STR;
 	return 0;
 }
 



    