Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Addresses several findings from the wolfSSL static analyzer across terminal handling, SFTP/FatFS file open logic, agent signing key setup, and SSHD authentication cleanup to improve correctness and safety.
Changes:
- Fixes a missing
breakin control-sequence handling to prevent unintended switch fallthrough. - Updates SFTP/FatFS open-mode handling and corrects an operator-precedence issue in Win32 authentication.
- Adds missing crypto initialization/checks (ECC init before import, check
wc_InitRsaKey()return) and securely zeroes plaintext password buffers before free.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
src/wolfterm.c |
Adds missing break to stop unintended fallthrough in CSI J handling. |
src/wolfsftp.c |
Initializes mode and adjusts flag tests for FatFS open-mode selection. |
src/agent.c |
Adds unused-parameter suppression in stubs; adds RSA init return check and ECC init before key import. |
apps/wolfsshd/auth.c |
Zeroes plaintext password copy before freeing; fixes precedence in LsaLookupAuthenticationPackage result check. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
src/agent.c:702
- If
wc_InitRsaKey()fails (i.e.,ret != 0), the code still falls through to theencSigSz <= 0check (sinceencSigSzremains 0) and overwritesretwithWS_CRYPTO_FAILED. This loses the original failure code and can misreport the root cause. Suggestion: handle thewc_InitRsaKey()error via an early return (or preserveretand skip the encode/signature error mapping when init fails), so init failures aren’t masked as “Bad Encode Sig.”
int encSigSz = 0;
int ret = 0;
ret = wc_InitRsaKey(&key, heap);
if (ret == 0) {
mp_read_unsigned_bin(&key.n, rawKey->n, rawKey->nSz);
mp_read_unsigned_bin(&key.e, rawKey->e, rawKey->eSz);
mp_read_unsigned_bin(&key.d, rawKey->d, rawKey->dSz);
mp_read_unsigned_bin(&key.p, rawKey->p, rawKey->pSz);
mp_read_unsigned_bin(&key.q, rawKey->q, rawKey->qSz);
mp_read_unsigned_bin(&key.u, rawKey->iqmp, rawKey->iqmpSz);
encSigSz = wc_EncodeSignature(encSig, digest, digestSz,
wc_HashGetOID(hashType));
}
if (encSigSz <= 0) {
WLOG(WS_LOG_DEBUG, "Bad Encode Sig");
ret = WS_CRYPTO_FAILED;
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Added parens around an assignment to a variable before it is compared to an expected value. Affected function: SetupUserTokenWin. Issue: F-210
1. Call `wc_ecc_init()` on an ECC key before importing it. 2. Incidental: `PostLock()` and `PostUnlock()` needed their agent pointers tagged as unused. Affected functions: SignHashEcc. PostLock and PostUnlock. Issue: F-211
Check the return value of `wc_InitRsaKey()`. It will initialize the structure provided the pointer is non-null. Since the key is on the stack, the later call to `wc_FreeRsaKey()` will succeed as well. Modified the check for the encoded signature size inside the block where it is set; that check also updates the return value. Affected function: SignHashRsa. Issue: F-212
Addded a break to the 'J' case of a switch statement that handles terminal display clearing for Windows. It was flowing into case 'K' without an explicit fallthrough tag. Affected function: wolfSSH_DoControlSeq. Issue: F-49
When a copy of the user's password is freed, it wasn't getting force zeroed. It might still exist in the heap after getting freed. Added a call to `ForceZero()`. Affected function: CheckPasswordUnix. Issue: F-56
Removed the variable. The flags passed to ff_open() are appropriate for ff_open(). Just check that read or write is set. Affected function: ff_open. Issue: F-213
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
JacobBarthelmeh
approved these changes
Mar 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix some bugs found by the wolfSSL static analyzer: