Merge pull request #6905 from bandi13/moreCodeSonarFixes

Don't nag about leaked resources

examples/asn1/asn1.c

@@ -470,6 +470,10 @@ int main(int argc, char* argv[])
     if (ret != 0) {
         fprintf(stderr, "%s\n", wc_GetErrorString(ret));
     }
+
+    if (fp != stdin) {
+        fclose(fp);
+    }
     return (ret == 0) ? 0 : 1;
 }
 

src/tls13.c

@@ -4723,10 +4723,14 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
     int digestSize;
     HS_Hashes* tmpHashes;
     HS_Hashes* acceptHashes;
-    byte zeros[WC_MAX_DIGEST_SIZE] = {0};
+    byte zeros[WC_MAX_DIGEST_SIZE];
     byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
     byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
     byte acceptConfirmation[ECH_ACCEPT_CONFIRMATION_SZ];
+    XMEMSET(zeros, 0, sizeof(zeros));
+    XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
+    XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
+    XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation));
     /* copy ech hashes to accept */
     ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
     /* swap hsHashes to acceptHashes */
@@ -4839,9 +4843,12 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
     int digestSize;
     HS_Hashes* tmpHashes;
     HS_Hashes* acceptHashes;
-    byte zeros[WC_MAX_DIGEST_SIZE] = {0};
+    byte zeros[WC_MAX_DIGEST_SIZE];
     byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
     byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
+    XMEMSET(zeros, 0, sizeof(zeros));
+    XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
+    XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
 
     /* copy ech hashes to accept */
     ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &acceptHashes);
@@ -5710,7 +5717,7 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
     if (AllocateSuites(ssl) != 0)
         return;
 
-    XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ);
+    XMEMSET(suites, 0, sizeof(suites));
 
     if (!ssl->options.useClientOrder) {
         /* Server order refining. */

src/x509.c

@@ -14110,7 +14110,8 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
             }
         }
         ret = wolfSSL_sk_push(req->reqAttributes, attr);
-        if (ret != WOLFSSL_SUCCESS) {
+        if ((ret != WOLFSSL_SUCCESS) || (req->reqAttributes->type == STACK_TYPE_CIPHER)) {
+            /* CIPHER type makes a copy */
             wolfSSL_X509_ATTRIBUTE_free(attr);
         }
     }

tests/api.c

@@ -16878,6 +16878,7 @@ static int test_wc_Chacha_SetKey(void)
     word32 keySz = (word32)(sizeof(key)/sizeof(byte));
     byte       cipher[128];
 
+    XMEMSET(cipher, 0, sizeof(cipher));
     ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
     /* Test bad args. */
     ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), BAD_FUNC_ARG);
@@ -54076,6 +54077,8 @@ static int test_wolfssl_EVP_chacha20(void)
     EVP_CIPHER_CTX* ctx = NULL;
     int outSz;
 
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
     /* Encrypt. */
     ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL,

tests/srp.c

@@ -208,6 +208,7 @@ static void test_SrpSetPassword(void)
     byte v[64];
     word32 vSz = 0;
 
+    XMEMSET(v, 0, sizeof(v));
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
@@ -262,6 +263,7 @@ static void test_SrpGetPublic(void)
     byte pub[64];
     word32 pubSz = 0;
 
+    XMEMSET(pub, 0, sizeof(pub));
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
     AssertIntEQ(0, wc_SrpSetParams(&srp, srp_N,    sizeof(srp_N),
@@ -318,6 +320,8 @@ static void test_SrpComputeKey(void)
     word32 clientPubKeySz = 64;
     word32 serverPubKeySz = 64;
 
+    XMEMSET(clientPubKey, 0, sizeof(clientPubKey));
+    XMEMSET(serverPubKey, 0, sizeof(serverPubKey));
     AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
     AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
@@ -388,6 +392,10 @@ static void test_SrpGetProofAndVerify(void)
     word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
     word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
 
+    XMEMSET(clientPubKey, 0, sizeof(clientPubKey));
+    XMEMSET(serverPubKey, 0, sizeof(serverPubKey));
+    XMEMSET(clientProof, 0, sizeof(clientProof));
+    XMEMSET(serverProof, 0, sizeof(serverProof));
     AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
     AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
@@ -792,6 +800,10 @@ static void test_SrpKeyGenFunc_cb(void)
     };
 #endif
 
+    XMEMSET(clientPubKey, 0, sizeof(clientPubKey));
+    XMEMSET(serverPubKey, 0, sizeof(serverPubKey));
+    XMEMSET(clientProof, 0, sizeof(clientProof));
+    XMEMSET(serverProof, 0, sizeof(serverProof));
     AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE));
     AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA512, SRP_SERVER_SIDE));
 

wolfcrypt/benchmark/benchmark.c

@@ -4732,6 +4732,7 @@ void bench_chacha(void)
     double start;
     int    i, count;
 
+    XMEMSET(&enc, 0, sizeof(enc));
     wc_Chacha_SetKey(&enc, bench_key, 16);
 
     bench_stats_start(&count, &start);

wolfcrypt/src/asn.c

@@ -37523,8 +37523,10 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
             }
             else if (mimeStatus == MIME_BODYVAL && cur == ';' && pos >= 1) {
                 end = pos-1;
-                if (bodyVal != NULL)
+                if (bodyVal != NULL) {
                     XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+                    bodyVal = NULL;
+                }
                 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end);
                 if (ret) {
                     goto error;
@@ -37617,9 +37619,12 @@ error:
     if (ret != 0)
         wc_MIME_free_hdrs(curHdr);
     wc_MIME_free_hdrs(nextHdr);
-    XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
-    XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
-    XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
+    if (nameAttr != NULL)
+        XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+    if (bodyVal != NULL)
+        XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+    if (nextParam != NULL)
+        XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
 
     return ret;
 }

wolfcrypt/src/hpke.c

@@ -1127,6 +1127,7 @@ static int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context,
         return BAD_FUNC_ARG;
     }
 
+    XMEMSET(nonce, 0, sizeof(nonce));
 #ifdef WOLFSSL_SMALL_STACK
     aes_key = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES);
     if (aes_key == NULL) {

wolfcrypt/src/pkcs7.c

@@ -8697,6 +8697,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
     mp_int serialNum[1];
     RsaKey privKey[1];
 #endif
+    XMEMSET(issuerHash, 0, sizeof(issuerHash));
 
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
     keyIdSize = wc_HashGetDigestSize(wc_HashTypeConvert(HashIdAlg(