fix stack buffer overflow in encryption setup

Author: miyazakh

src/crypto/clu_crypto_setup.c

@@ -347,7 +347,10 @@ int wolfCLU_setup(int argc, char** argv, char action)
             WOLFCLU_LOG(WOLFCLU_L0,
                     "-in flag was not set, please enter a string or"
                    "file name to be encrypted: ");
-            ret = (int) scanf("%s", inName);
+            ret = (fgets(inName, sizeof(inName), stdin) != NULL) ? 1 : 0;
+            if (ret > 0) {
+                inName[strcspn(inName, "\n")] = '\0';
+            }
         }
         in = inName;
         WOLFCLU_LOG(WOLFCLU_L0, "Encrypting :\"%s\"", inName);
@@ -397,7 +400,11 @@ int wolfCLU_setup(int argc, char** argv, char action)
                 while (ret == 0) {
                     WOLFCLU_LOG(WOLFCLU_L0,
                             "Please enter a name for the output file: ");
-                    ret = (int) scanf("%s", outNameEnc);
+                    ret = (fgets(outNameEnc, sizeof(outNameEnc), stdin) != NULL)
+                                     ? 1 : 0;
+                    if (ret > 0) {
+                        outNameEnc[strcspn(outNameEnc, "\n")] = '\0';
+                    }
                     out = (ret > 0) ? outNameEnc : '\0';
                 }
             }
@@ -419,7 +426,11 @@ int wolfCLU_setup(int argc, char** argv, char action)
                 while (ret == 0) {
                     WOLFCLU_LOG(WOLFCLU_L0,
                             "Please enter a name for the output file: ");
-                    ret = (int) scanf("%s", outNameDec);
+                    ret = (fgets(outNameDec, sizeof(outNameDec), stdin) != NULL)
+                                                                     ? 1 : 0;
+                    if (ret > 0) {
+                        outNameDec[strcspn(outNameDec, "\n")] = '\0';
+                    }
                     out = (ret > 0) ? outNameDec : '\0';
                 }
             }

tests/encrypt/enc-test.sh

@@ -185,5 +185,47 @@ fi
 rm -f test-dec.der
 rm -f test-enc.der
 
+# Regression tests for stack buffer overflow fix (scanf -> fgets)
+
+# Test: -in not provided, filename supplied via stdin (inName path, L344)
+printf "certs/crl.der\n" | ./wolfssl enc -aes-128-cbc -out test-stdin-in.enc -k "testpass" > /dev/null 2>&1
+if [ $? != 0 ]; then
+    echo "Failed: enc with stdin input (no -in flag)"
+    exit 99
+fi
+./wolfssl enc -d -aes-128-cbc -in test-stdin-in.enc -out test-stdin-in.dec -k "testpass" > /dev/null 2>&1
+diff certs/crl.der test-stdin-in.dec > /dev/null 2>&1
+if [ $? != 0 ]; then
+    echo "Failed: stdin enc/dec roundtrip mismatch"
+    exit 99
+fi
+rm -f test-stdin-in.enc test-stdin-in.dec
+
+
+# Test: outNameEnc/outNameDec via stdin (non-EVP path, Camellia)
+./wolfssl enc -camellia-128-cbc -in certs/crl.der -out test-cam-probe.enc -k "testpass" > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+    # outNameEnc: -out omitted, filename supplied via stdin
+    printf "test-cam-stdin.enc\n" | ./wolfssl enc -camellia-128-cbc -in certs/crl.der -k "testpass" > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia enc with stdin output name (no -out flag)"
+        exit 99
+    fi
+
+    # outNameDec: -out omitted, filename supplied via stdin
+    printf "test-cam-stdin.dec\n" | ./wolfssl enc -d -camellia-128-cbc -in test-cam-stdin.enc -k "testpass" > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia dec with stdin output name (no -out flag)"
+        exit 99
+    fi
+    diff certs/crl.der test-cam-stdin.dec > /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Failed: Camellia stdin outName enc/dec roundtrip mismatch"
+        exit 99
+    fi
+
+    rm -f test-cam-probe.enc test-cam-stdin.enc test-cam-stdin.dec
+fi
+
 echo "Done"
 exit 0