Merge pull request #8695 from JacobBarthelmeh/coverity

null dereference sanity checks and control flow issue
Daniel Pouzzner
2025-04-22 11:37:51 -05:00
committed by GitHub
5 changed files with 14 additions and 1 deletions


@@ -7306,6 +7306,8 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
ret = InitHandshakeHashes(ssl); ret = InitHandshakeHashes(ssl);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret); WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret);
ssl->hsHashes = tmpHashes; /* restore hsHashes pointer to original
* before returning */
return ret; return ret;
} }
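Review bot: Restoring `ssl->hsHashes = tmpHashes` on the failure path discards whatever pointer InitHandshakeHashes left in `ssl->hsHashes`. Its body is not visible here, but if it can fail after allocating or freeing the hashes object, that object would be leaked or another reference to it left stale. It is worth confirming which side owns the partially initialised object on failure and recording that in the comment on the restore line, or releasing it before the restore if nothing else does. InitHandshakeHashesAndCopy begins and ends outside the hunk.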


@@ -1112,7 +1112,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
matchAnyKey = 1; matchAnyKey = 1;
} }
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
if(*keyFormat == RSAPSSk) { if((ret == 0) && (*keyFormat == RSAPSSk)) {
/* /*
Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK), Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK),
and to detect that the der is RSAPSSk (when *keyFormat == 0). and to detect that the der is RSAPSSk (when *keyFormat == 0).


@@ -3534,6 +3534,10 @@ int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session) unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session)
{ {
if (session == NULL) {
return BAD_FUNC_ARG;
}
return session->maxEarlyDataSz; return session->maxEarlyDataSz;
} }
#endif /* WOLFSSL_EARLY_DATA */ #endif /* WOLFSSL_EARLY_DATA */
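Review bot: The new NULL guard returns `BAD_FUNC_ARG` from a function declared `unsigned int`, so the negative error code is converted to a very large unsigned value. A caller reading it as a maximum early-data size cannot tell that from a real limit, and would see a NULL session as one that permits a large amount of early data. Returning zero keeps the failure on the "no early data" side: `if (session == NULL) { return 0; }`. The matching assertion added in test_quic_early_data would then become `ExpectIntEQ(wolfSSL_SESSION_get_max_early_data(NULL), 0);`, since the current one presumably passes only because of the integer conversion.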


@@ -1675,6 +1675,9 @@ static int test_quic_early_data(int verbose) {
QuicTestContext_free(&tclient); QuicTestContext_free(&tclient);
QuicTestContext_free(&tserver); QuicTestContext_free(&tserver);
/* check for error value with null argument */
ExpectIntEQ(wolfSSL_SESSION_get_max_early_data(NULL), BAD_FUNC_ARG);
/* QUIC requires 0 or 0xffffffff as only allowed values. /* QUIC requires 0 or 0xffffffff as only allowed values.
* Since we enabled early data in the server that created the session, * Since we enabled early data in the server that created the session,
* we need to see it here. */ * we need to see it here. */


@@ -586,6 +586,10 @@ static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context,
int ret; int ret;
byte seq_bytes[HPKE_Nn_MAX]; byte seq_bytes[HPKE_Nn_MAX];
if (hpke == NULL || context == NULL) {
return BAD_FUNC_ARG;
}
/* convert the sequence into a byte string with the same length as the /* convert the sequence into a byte string with the same length as the
* nonce */ * nonce */
ret = I2OSP(context->seq, (int)hpke->Nn, seq_bytes); ret = I2OSP(context->seq, (int)hpke->Nn, seq_bytes);
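Review bot: The added NULL check does not bound `hpke->Nn`, which is passed as the output width for `seq_bytes`, a buffer of only `HPKE_Nn_MAX` bytes. I2OSP is not visible here, so it may already cap the width, but nothing in this hunk ties that cap to `HPKE_Nn_MAX`. Extending the guard would make the buffer bound local and explicit: `if (hpke->Nn > HPKE_Nn_MAX) { return BUFFER_E; }`. wc_HpkeContextComputeNonce begins and continues outside the hunk.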