Skip to content

Add a bounds check on ff_close, ff_pwrite and ff_pread#904

Open
yosuke-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
yosuke-wolfssl:f_1272
Open

Add a bounds check on ff_close, ff_pwrite and ff_pread#904
yosuke-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
yosuke-wolfssl:f_1272

Conversation

@yosuke-wolfssl
Copy link
Copy Markdown
Contributor

@yosuke-wolfssl yosuke-wolfssl commented Apr 2, 2026

This PR adds the bound check into ff_close, ff_pwrite and ff_pread implemented in src/wolfsftp.c.

@yosuke-wolfssl yosuke-wolfssl self-assigned this Apr 2, 2026
Copilot AI review requested due to automatic review settings April 2, 2026 23:08
Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds defensive bounds checks for FatFS-backed file descriptor pool access to prevent out-of-range indexing in the WolfSSH SFTP FatFS port.

Changes:

  • Add fd range validation in ff_close.
  • Add fd range validation in ff_pwrite / ff_pread before dereferencing fd_pool[fd].
  • Refactor FIL* f initialization so it occurs after the new bounds checks.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@yosuke-wolfssl @wolfSSL-Bot