Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR improves wolfSSL’s OpenSSL-compat BIO layer by tightening argument validation, correcting return/error semantics, fixing a reported OOB read, and adding targeted regression tests (zd#21528).
Changes:
- Fixes/reshapes several BIO behaviors (ctrl/ctrl_pending traversal, BIO_gets NUL termination, BIO_pop unlink safety, BIO_up_ref failure handling, BIO_get_fp argument checking).
- Adjusts MEM BIO write semantics to return
WOLFSSL_BIO_ERRORon failure and0on zero-length writes; updates tests and adds new regression tests for hostname and pending traversal. - Adds a BIO method type upper bound (
WOLFSSL_MAX_BIO_TYPE) and enforces it inwolfSSL_BIO_meth_new().
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
wolfssl/ssl.h |
Introduces WOLFSSL_MAX_BIO_TYPE to bound custom BIO method types. |
tests/api/test_ossl_bio.h |
Registers two new BIO regression tests in the test declaration list. |
tests/api/test_ossl_bio.c |
Updates an existing expectation for MEM BIO write failure and adds new tests for BIO_set_conn_hostname and chained BIO_ctrl_pending. |
src/bio.c |
Implements the BIO fixes/improvements across MEM BIO write, ctrl/ctrl_pending, gets termination, addr size NULL handling, get_fp arg validation, meth_new type bounds, conn hostname allocation logic, and pop unlink cleanup. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
* simplify wolfSSL_BIO_set_conn_hostname, fixing OOB read * restructure wolfSSL_BIO_ctrl_pending, fixing inverted check and * ctrlCB checking * return WOLFSSL_FAILURE in wolfSSL_BIO_up_ref when refInc fails, updated test to reflect this * check arguments for NULL in wolfSSL_BIO_ADDR_size * replace non-portable type long usigned int with size_t * wolfSSL_BIO_MEMORY_write: return WOLFSSL_BIO_ERROR on failure instead of WOLFSSL_FAILURE, return 0 when len is 0 * wolfSSL_BIO_get_fp: fix type mismatch comparing XFILE* pointer against XBADFILE * wolfSSL_BIO_ctrl: add NULL check on bio before switch * wolfSSL_BIO_pop: clear bio prev and next pointers after unlinking * wolfSSL_BIO_gets: place null terminator after actual bytes read from BIO_BIO nread
julek-wolfssl
requested changes
Apr 9, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
julek-wolfssl
previously approved these changes
Apr 9, 2026
dgarske
reviewed
Apr 9, 2026
Contributor
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
🐺 Skoll Code Review
Overall recommendation: APPROVE
Findings: 6 total — 2 posted, 4 skipped
Posted findings
- [Info] Stale comment still references WOLFSSL_FAILURE in wolfSSL_BIO_MEMORY_write —
src/bio.c:595-596 - [Medium] wolfSSL_BIO_ctrl_pending: ctrlCb check could dispatch to callback for built-in wrapper BIO types in chain —
src/bio.c:1308-1314
Skipped findings
- [Medium] test_wolfSSL_BIO_set_conn_hostname does not verify stored hostname value
- [Medium] No test coverage for wolfSSL_BIO_pop prev/next clearing
- [Medium] No test for wolfSSL_BIO_up_ref failure return when WOLFSSL_REFCNT_ERROR_RETURN is defined
- [Low] wolfSSL_BIO_MEMORY_write returns 0 for bio==NULL but callers may not expect this
Review generated by Skoll via openclaw
dgarske
approved these changes
Apr 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
updated test to reflect this
of WOLFSSL_FAILURE, return 0 when len is 0
XBADFILE
BIO_BIO nread
Fixes zd#21528