tests: cover input validation fixes

JeremiahM37 · JeremiahM37 · commit 329ddea2e61f · 2026-05-06T16:18:23.000Z
diff --git a/tests/api.c b/tests/api.c
@@ -12119,6 +12119,19 @@ static int test_wc_PemToDer(void)
             XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #endif
+    /* NULL buff, zero size, and negative size must be rejected up front. The
+     * pre-fix code cast longSz to word32, so a negative value drove an
+     * over-read inside PemToDer. */
+    {
+        const byte stub[] = "x";
+        DerBuffer* badDer = NULL;
+        ExpectIntEQ(wc_PemToDer(NULL, 100, CERT_TYPE, &badDer, NULL, &info,
+            &eccKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_PemToDer(stub, 0, CERT_TYPE, &badDer, NULL, &info,
+            &eccKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_PemToDer(stub, -1, CERT_TYPE, &badDer, NULL, &info,
+            &eccKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
 #endif
     return EXPECT_RESULT();
 }
diff --git a/tests/api/test_camellia.c b/tests/api/test_camellia.c
@@ -107,6 +107,38 @@ int test_wc_CamelliaSetIV(void)
     return EXPECT_RESULT();
 } /* END test_wc_CamelliaSetIV*/
 
+/*
+ * Test wc_CamelliaFree zeroes the key schedule and is NULL safe.
+ */
+int test_wc_CamelliaFree(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia camellia;
+    static const byte key[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+    };
+    static const byte iv[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+    byte zero[sizeof(camellia)];
+
+    XMEMSET(zero, 0, sizeof(zero));
+
+    /* NULL is safe. */
+    wc_CamelliaFree(NULL);
+
+    /* After SetKey the schedule is populated; Free must wipe it. */
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key, (word32)sizeof(key), iv), 0);
+    ExpectIntNE(XMEMCMP(&camellia, zero, sizeof(camellia)), 0);
+    wc_CamelliaFree(&camellia);
+    ExpectIntEQ(XMEMCMP(&camellia, zero, sizeof(camellia)), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CamelliaFree */
+
 /*
  * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
  */
diff --git a/tests/api/test_camellia.h b/tests/api/test_camellia.h
@@ -26,13 +26,15 @@
 
 int test_wc_CamelliaSetKey(void);
 int test_wc_CamelliaSetIV(void);
+int test_wc_CamelliaFree(void);
 int test_wc_CamelliaEncryptDecryptDirect(void);
 int test_wc_CamelliaCbcEncryptDecrypt(void);
 int test_wc_CamelliaCbc_MonteCarlo(void);
 
 #define TEST_CAMELLIA_DECLS                                             \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaSetKey),                \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaSetIV),                 \
+    TEST_DECL_GROUP("camellia", test_wc_CamelliaFree),                  \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaEncryptDecryptDirect),  \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaCbcEncryptDecrypt),     \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaCbc_MonteCarlo)
diff --git a/tests/api/test_pkcs7.c b/tests/api/test_pkcs7.c
@@ -5028,6 +5028,14 @@ int test_wc_PKCS7_DecodeCompressedData(void)
     ExpectNotNull(decompressed);
     ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
     XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    decompressed = NULL;
+
+    /* inSz that would overflow on the initial 'tmpSz = inSz * 2' must be
+     * rejected up front rather than handed to XMALLOC. */
+    ExpectIntEQ(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
+        out, ((word32)INT_MAX / 2) + 1, 0, heap),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectNull(decompressed);
 
     if (cert_buf != NULL)
         XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
