From 9db6a27921f4e6d6e0aaefc1548610c5e820314c Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 23 Feb 2017 14:47:36 -0800
Subject: [PATCH 1/3] =?UTF-8?q?Fixes=20for=20scan-build=20warnings.=20Fix?=
 =?UTF-8?q?=20possible=20memory=20leak=20in=20wolfSSL=5FDH=5Fnew=20on=20fa?=
 =?UTF-8?q?ilure.=20Add=20null=20checks=20in=20integer.c=20for=20destinati?=
 =?UTF-8?q?on=20to=20make=20sure=20=E2=80=9Cdp=E2=80=9D=20grows=20when=20N?=
 =?UTF-8?q?ULL=20(even=20though=20never=20happens=20in=20real-use).=20Adde?=
 =?UTF-8?q?d=20suppression=20of=20wc=5Fport.c=20warning=20=E2=80=9CValue?=
 =?UTF-8?q?=20stored=20to=20'ret'=20is=20never=20read=E2=80=9D.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/ssl.c | 1 +
 wolfcrypt/src/integer.c | 4 ++--
 wolfcrypt/src/wc_port.c | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 5fcd828fd..0b494ac03 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16133,6 +16133,7 @@ WOLFSSL_DH* wolfSSL_DH_new(void)
 if (wc_InitDhKey(key) != 0) {
 WOLFSSL_MSG("wolfSSL_DH_new InitDhKey failure");
 XFREE(key, NULL, DYNAMIC_TYPE_DH);
+ XFREE(external, NULL, DYNAMIC_TYPE_DH);
 return NULL;
 }
 external->internal = key;
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index efa0af912..067a55012 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -330,7 +330,7 @@ int mp_copy (mp_int * a, mp_int * b)
 }
 /* grow dest */
- if (b->alloc < a->used) {
+ if (b->alloc < a->used || b->dp == NULL) {
 if ((res = mp_grow (b, a->used)) != MP_OKAY) {
 return res;
 }
@@ -1633,7 +1633,7 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
 max_a = a->used;
 /* init result */
- if (c->alloc < max_a) {
+ if (c->alloc < max_a || c->dp == NULL) {
 if ((res = mp_grow (c, max_a)) != MP_OKAY) {
 return res;
 }
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index cf82ca674..532bf107e 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -78,6 +78,7 @@ int wolfCrypt_Init(void)
 WOLFSSL_MSG(ippGetStatusString(ret));
 WOLFSSL_MSG("Using default fast IPP library");
 ret = 0;
+ (void)ret; /* suppress not read warning */
 }
 #endif
From 67a8626430737d821a36eddcc574a54a7266e661 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 2 Mar 2017 15:56:31 -0800
Subject: [PATCH 2/3] =?UTF-8?q?Fix=20for=20scan-build=20warning=20with=20?=
 =?UTF-8?q?=E2=80=9C->dp=20=3D=3D=20NULL=E2=80=9D.=20Scenario=20can?=
 =?UTF-8?q?=E2=80=99t=20happen,=20but=20adding=20sanity=20check=20to=20sup?=
 =?UTF-8?q?press=20warning.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 wolfcrypt/src/integer.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 067a55012..c5026bf6d 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -330,12 +330,16 @@ int mp_copy (mp_int * a, mp_int * b)
 }
 /* grow dest */
- if (b->alloc < a->used || b->dp == NULL) {
+ if (b->alloc < a->used) {
 if ((res = mp_grow (b, a->used)) != MP_OKAY) {
 return res;
 }
 }
+ /* sanity check on destination */
+ if (b->dp == NULL)
+ return MP_VAL;
+
 /* zero b and copy the parameters over */
 {
 mp_digit *tmpa, *tmpb;
@@ -1633,11 +1637,16 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
 max_a = a->used;
 /* init result */
- if (c->alloc < max_a || c->dp == NULL) {
+ if (c->alloc < max_a) {
 if ((res = mp_grow (c, max_a)) != MP_OKAY) {
 return res;
 }
 }
+
+ /* sanity check on destination */
+ if (c->dp == NULL)
+ return MP_VAL;
+
 olduse = c->used;
 c->used = max_a;
From 431f36352067c839ed6abfd829588940006c11e4 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 3 Mar 2017 07:35:26 -0800
Subject: [PATCH 3/3] Better fixes for suppressing scan-build warning with normal math enabled.
---
 wolfcrypt/src/integer.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
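Review bot: The `dp == NULL` checks added in the mp_copy and s_mp_sub hunks of PATCH 2/3 are the only unbraced conditionals in these hunks; the `mp_grow` calls beside them brace even a single `return res;`. Writing them as `if (b->dp == NULL) { return MP_VAL; }` (and likewise for `c->dp`) matches that style and keeps an early-return guard from being mis-edited later. The comment `/* sanity check on destination */` would also be more useful if it recorded what the commit message says, for example `/* dp is not expected to be NULL here; check added for scan-build */`. Both functions begin and end outside the hunks, so nothing else that touches `b` or `c` can be judged from here.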
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index c5026bf6d..380b5bccf 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -336,10 +336,6 @@ int mp_copy (mp_int * a, mp_int * b)
 }
 }
- /* sanity check on destination */
- if (b->dp == NULL)
- return MP_VAL;
-
 /* zero b and copy the parameters over */
 {
 mp_digit *tmpa, *tmpb;
@@ -358,7 +354,7 @@ int mp_copy (mp_int * a, mp_int * b)
 }
 /* clear high digits */
- for (; n < b->used; n++) {
+ for (; n < b->used && b->dp; n++) {
 *tmpb++ = 0;
 }
 }
@@ -3776,7 +3772,7 @@ int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 pa = a->used;
 pb = b->used;
- for (ix = 0; ix < pa; ix++) {
+ for (ix = 0; ix < pa && a->dp; ix++) {
 /* clear the carry */
 u = 0;
@@ -3849,7 +3845,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 /* number of output digits to produce */
 pa = a->used + b->used;
 _W = 0;
- for (ix = digs; ix < pa; ix++) {
+ for (ix = digs; ix < pa && a->dp; ix++) {
 int tx, ty, iy;
 mp_digit *tmpx, *tmpy;
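Review bot: In mp_copy's "clear high digits" loop the new `&& b->dp` term makes a NULL destination skip the clearing silently, whereas the check this patch removes in the previous hunk returned `MP_VAL`; the `a->dp` terms added to the loops in s_mp_mul_high_digs and fast_s_mp_mul_high_digs follow the same pattern. For multi-precision code in wolfcrypt an explicit error is the safer outcome than a loop that quietly does nothing, and since this patch does not touch s_mp_sub, that function presumably still returns `MP_VAL` for the same condition, so the file now handles it two ways. The test is also loop-invariant and, in mp_copy, the loop writes through `tmpb` rather than `b->dp`, so it likely does not cover any earlier use of `tmpb` above the hunk. If the state cannot occur, keeping the up-front form `if (b->dp == NULL) { return MP_VAL; }` would silence the analyzer without changing the loop conditions. All three functions start and end outside the hunks.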