Merge pull request #3471 from douzzer/fix-scan-build-20201104

fix various possibly spurious scan-build null deref reports.
2020-11-05 09:36:42 -07:00
parent b40543b342 5751319e00
commit 648c5e4735
2 changed files with 9 additions and 1 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -2843,6 +2843,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    WOLFSSL_START(WC_FUNC_SERVER_HELLO_DO);
    WOLFSSL_ENTER("DoTls13ServerHello");

+    if (ssl->arrays == NULL)
+        return BAD_FUNC_ARG;
+
 #ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName(ssl, "ServerHello");
    if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
@ -6889,6 +6892,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
            /* Server's authenticating with PSK must not send this. */
            if (ssl->options.serverState ==
                                         SERVER_ENCRYPTED_EXTENSIONS_COMPLETE &&
+                                                  ssl->arrays != NULL &&
                                                  ssl->arrays->psk_keySz != 0) {
                WOLFSSL_MSG("CertificateRequset received while using PSK");
                return SANITY_MSG_E;
@ -6915,6 +6919,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
            #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                /* Server's authenticating with PSK must not send this. */
                if (ssl->options.serverState == SERVER_CERT_COMPLETE &&
+                                                  ssl->arrays != NULL &&
                                                  ssl->arrays->psk_keySz != 0) {
                    WOLFSSL_MSG("CertificateVerify received while using PSK");
                    return SANITY_MSG_E;
@ -6956,7 +6961,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
                /* Must have seen certificate and verify from server except when
                 * using PSK. */
            #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-                if (ssl->arrays->psk_keySz != 0) {
+                if (ssl->arrays != NULL && ssl->arrays->psk_keySz != 0) {
                    if (ssl->options.serverState !=
                                         SERVER_ENCRYPTED_EXTENSIONS_COMPLETE) {
                        WOLFSSL_MSG("Finished received out of order");
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -15477,6 +15477,9 @@ int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen,
    word32 headerSz = 4;   /* 2*ASN_TAG + 2*LEN(ENUM) */
    int rAddLeadZero, sAddLeadZero;

+    if ((out == NULL) || (outLen == NULL) || (r == NULL) || (s == NULL))
+        return BAD_FUNC_ARG;
+
    /* Trim leading zeros */
    rLen = trim_leading_zeros(&r, rLen);
    sLen = trim_leading_zeros(&s, sLen);