add sanity checks on username size

JacobBarthelmeh · JacobBarthelmeh · commit 8c8b9f5bb350 · 2026-01-22T10:38:14.000-07:00
diff --git a/src/wh_client_auth.c b/src/wh_client_auth.c
@@ -41,6 +41,18 @@
 #include "wolfhsm/wh_client.h"
 #include "wolfhsm/wh_auth.h"
 
+static int _wh_Client_AuthUserNameSanityCheck(const char* username)
+{
+    size_t len;
+
+    if (username == NULL) {
+        return 0;
+    }
+
+    len = strnlen(username, WH_MESSAGE_AUTH_MAX_USERNAME_LEN);
+    return (len < WH_MESSAGE_AUTH_MAX_USERNAME_LEN);
+}
+
 /** Authenticate */
 int wh_Client_AuthLoginRequest(whClientContext* c,
         whAuthMethod method, const char* username, const void* auth_data,
@@ -55,6 +67,10 @@ int wh_Client_AuthLoginRequest(whClientContext* c,
         return WH_ERROR_BADARGS;
     }
 
+    if (!_wh_Client_AuthUserNameSanityCheck(username)) {
+        return WH_ERROR_BADARGS;
+    }
+
     if (auth_data_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN) {
         return WH_ERROR_BADARGS;
     }
@@ -224,6 +240,10 @@ int wh_Client_AuthUserAddRequest(whClientContext* c, const char* username,
         return WH_ERROR_BADARGS;
     }
 
+    if (!_wh_Client_AuthUserNameSanityCheck(username)) {
+        return WH_ERROR_BADARGS;
+    }
+
     strncpy(msg->username, username, sizeof(msg->username));
 
     if (wh_MessageAuth_FlattenPermissions(&permissions, msg->permissions,
@@ -392,6 +412,10 @@ int wh_Client_AuthUserGetRequest(whClientContext* c, const char* username)
         return WH_ERROR_BADARGS;
     }
 
+    if (!_wh_Client_AuthUserNameSanityCheck(username)) {
+        return WH_ERROR_BADARGS;
+    }
+
     strncpy(msg.username, username, sizeof(msg.username));
     return wh_Client_SendRequest(c,
             WH_MESSAGE_GROUP_AUTH, WH_MESSAGE_AUTH_ACTION_USER_GET,
