Skip to content

More fixes (fixes-4)#32

Merged
danielinux merged 12 commits intowolfSSL:masterfrom
gasbytes:fixes-4
Feb 20, 2026
Merged

More fixes (fixes-4)#32
danielinux merged 12 commits intowolfSSL:masterfrom
gasbytes:fixes-4

Conversation

@gasbytes
Copy link
Contributor

@gasbytes gasbytes commented Feb 18, 2026

More fixes caught by the fuzzers.

@gasbytes gasbytes self-assigned this Feb 18, 2026
@gasbytes gasbytes marked this pull request as ready for review February 19, 2026 17:32
@gasbytes gasbytes requested a review from danielinux February 19, 2026 17:32
@gasbytes gasbytes assigned danielinux and unassigned gasbytes Feb 19, 2026
danielinux
danielinux previously approved these changes Feb 19, 2026
View reviewed changes
@danielinux danielinux requested a review from Copilot February 19, 2026 18:19
Copilot AI reviewed Feb 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses additional fuzzer-found issues in the TCP/IP stack, focusing on wrap-safe TCP sequence arithmetic and more robust TCP connection state handling.

Changes:

  • Introduces a helper for TCP sequence subtraction and uses it in OOO/recv trimming paths.
  • Adjusts option parsing arithmetic to avoid unsigned underflow and initializes snd_una on SYN-RCVD.
  • Adds SYN duplicate-rejection logic and new unit regression tests.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
src/wolfip.c Implements wrap-aware TCP sequence handling, SYN duplicate rejection, and SYN-RCVD initialization fixes.
src/test/unit/unit.c Adds regression tests validating snd_una initialization and duplicate SYN behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@danielinux danielinux self-requested a review February 19, 2026 18:34
@danielinux danielinux assigned gasbytes and unassigned danielinux Feb 19, 2026
@gasbytes
change return type to int32_t for tcp_seq_diff and add explicit uint32_t
5597ae2 
cast.
prevents implicit conversion when signed comparison are happening.
@gasbytes
add the local_ip when doing the tuple comparison to prevent
be02ad4 
a SYN with different local_ip and same remote endpoint and port from being rejected
incorrectly.
so only truly identical connections are considered duplicates.
@gasbytes
fix repeated suite_add_tcase calls in unit.c
8bbdee5
@gasbytes gasbytes assigned danielinux and unassigned gasbytes Feb 20, 2026
@danielinux danielinux merged commit cf0f655 into wolfSSL:master Feb 20, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@danielinux danielinux danielinux approved these changes

Assignees

@danielinux danielinux

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gasbytes @danielinux

Comments