Add test case

Author: embhorn

tests/api.c

@@ -32854,6 +32854,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_certificate_authorities_certificate_request),
     TEST_DECL(test_certificate_authorities_client_hello),
     TEST_DECL(test_TLSX_TCA_Find),
+    TEST_DECL(test_TLSX_SNI_GetSize_overflow),
     TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
     TEST_DECL(test_wolfSSL_SCR_Reconnect),
     TEST_DECL(test_wolfSSL_SCR_check_enabled),

tests/api/test_tls_ext.c

@@ -545,3 +545,135 @@ int test_certificate_authorities_client_hello(void) {
 #endif
     return EXPECT_RESULT();
 }
+
+#if defined(HAVE_SNI) && !defined(NO_WOLFSSL_CLIENT)
+/* Walk the TLSX list to find an extension by type. */
+static TLSX* test_TLSX_find_ext_sni(TLSX* list, TLSX_Type type)
+{
+    while (list) {
+        if (list->type == type)
+            return list;
+        list = list->next;
+    }
+    return NULL;
+}
+
+/* Replicate the SNI size calculation to test overflow protection.
+ * The fixed TLSX_SNI_GetSize uses word32 internally and returns 0 on
+ * overflow. This helper mirrors that logic so we can verify the behavior. */
+static word16 test_SNI_GetSize(SNI* list)
+{
+    SNI* sni;
+    word32 length = OPAQUE16_LEN;
+
+    while ((sni = list)) {
+        list = sni->next;
+        length += ENUM_LEN + OPAQUE16_LEN;
+        switch (sni->type) {
+            case WOLFSSL_SNI_HOST_NAME:
+                length += (word16)XSTRLEN((char*)sni->data.host_name);
+                break;
+        }
+        if (length > WOLFSSL_MAX_16BIT)
+            return 0;
+    }
+    return (word16)length;
+}
+
+/* Replicate the old (vulnerable) SNI size calculation using word16 to
+ * demonstrate the overflow that the fix prevents. */
+static word16 test_SNI_GetSize_old(SNI* list)
+{
+    SNI* sni;
+    word16 length = OPAQUE16_LEN;
+
+    while ((sni = list)) {
+        list = sni->next;
+        length += ENUM_LEN + OPAQUE16_LEN;
+        switch (sni->type) {
+            case WOLFSSL_SNI_HOST_NAME:
+                length += (word16)XSTRLEN((char*)sni->data.host_name);
+                break;
+        }
+    }
+    return length;
+}
+
+/* Test that the SNI size calculation returns 0 on overflow instead of
+ * wrapping around to a small value (integer overflow vulnerability). */
+/* closing #if for helper functions */
+#endif /* HAVE_SNI && !NO_WOLFSSL_CLIENT */
+
+int test_TLSX_SNI_GetSize_overflow(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_SNI) && !defined(NO_WOLFSSL_CLIENT)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+    TLSX* sni_ext = NULL;
+    SNI* head = NULL;
+    SNI* sni = NULL;
+    int i;
+    word16 fixed_size;
+    word16 old_size;
+    /* Each SNI adds ENUM_LEN(1) + OPAQUE16_LEN(2) + hostname_len to the size.
+     * With a 1-byte hostname, each entry adds 4 bytes. Starting from
+     * OPAQUE16_LEN(2) base, we need enough entries to exceed UINT16_MAX. */
+    const int num_sni = (0xFFFF / 4) + 2;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+
+    /* Add initial SNI via public API */
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+                wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "a", 1));
+
+    /* Find the SNI extension and manually build a long chain */
+    if (EXPECT_SUCCESS()) {
+        sni_ext = test_TLSX_find_ext_sni(ssl->extensions, TLSX_SERVER_NAME);
+        ExpectNotNull(sni_ext);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        head = (SNI*)sni_ext->data;
+        ExpectNotNull(head);
+    }
+
+    /* Append many SNI nodes to force overflow in the size calculation */
+    for (i = 1; EXPECT_SUCCESS() && i < num_sni; i++) {
+        sni = (SNI*)XMALLOC(sizeof(SNI), NULL, DYNAMIC_TYPE_TLSX);
+        ExpectNotNull(sni);
+        if (sni != NULL) {
+            XMEMSET(sni, 0, sizeof(SNI));
+            sni->type = WOLFSSL_SNI_HOST_NAME;
+            sni->data.host_name = (char*)XMALLOC(2, NULL, DYNAMIC_TYPE_TLSX);
+            ExpectNotNull(sni->data.host_name);
+            if (sni->data.host_name != NULL) {
+                sni->data.host_name[0] = 'a';
+                sni->data.host_name[1] = '\0';
+            }
+            sni->next = head->next;
+            head->next = sni;
+        }
+    }
+
+    if (EXPECT_SUCCESS()) {
+        /* The fixed calculation should return 0 (overflow detected) */
+        fixed_size = test_SNI_GetSize((SNI*)sni_ext->data);
+        ExpectIntEQ(fixed_size, 0);
+
+        /* The old (vulnerable) calculation would wrap around to a small value.
+         * The unwrapped total is approximately OPAQUE16_LEN + num_sni * 4,
+         * which is ~65,542. After wrapping past UINT16_MAX the result should
+         * be drastically smaller than that expected total. */
+        old_size = test_SNI_GetSize_old((SNI*)sni_ext->data);
+        ExpectIntNE(old_size, 0);
+        ExpectIntLT(old_size,
+            OPAQUE16_LEN + num_sni * (ENUM_LEN + OPAQUE16_LEN + 1));
+    }
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_tls_ext.h

@@ -27,5 +27,6 @@ int test_wolfSSL_DisableExtendedMasterSecret(void);
 int test_certificate_authorities_certificate_request(void);
 int test_certificate_authorities_client_hello(void);
 int test_TLSX_TCA_Find(void);
+int test_TLSX_SNI_GetSize_overflow(void);
 
 #endif /* TESTS_API_TEST_TLS_EMS_H */