Scan-Build Fixes

1. Fixed a couple possible 0 byte allocations. 2. Fixed a couple missed frees due to error conditions. 3. Fixed a possible double free. To recreate: $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-11 14:12:22 -08:00
parent c7bb602a30
commit e996a7d15b
3 changed files with 25 additions and 6 deletions
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -2451,7 +2451,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)

 #ifdef OPENSSL_EXTRA
    {
-        byte*  rnd;
+        byte*  rnd = NULL;
        byte*  pt;
        size_t size;

@ -2461,8 +2461,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
            err_sys_ex(runWithErrors, "error getting server random buffer "
                       "size");
        }
+        else {
+            rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }

-        rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (rnd == NULL) {
            err_sys_ex(runWithErrors, "error creating server random buffer");
        }
--- a/src/internal.c
+++ b/src/internal.c
@ -17312,7 +17312,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
    (void)i;

        if (IsEncryptionOn(ssl, 1)) {
-            byte* input;
+            byte* input = NULL;
            int   inputSz = i; /* build msg adds rec hdr */
            int   recordHeaderSz = RECORD_HEADER_SZ;

@ -17320,6 +17320,11 @@ int SendCertificateRequest(WOLFSSL* ssl)
                recordHeaderSz += DTLS_RECORD_EXTRA;
            inputSz -= recordHeaderSz;

+            if (inputSz <= 0) {
+                WOLFSSL_MSG("Send Cert Req bad inputSz");
+                return BUFFER_E;
+            }
+
            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
            if (input == NULL)
                return MEMORY_E;
@ -26691,6 +26696,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    #endif /* WOLFSSL_ASYNC_CRYPT */

        /* Final cleanup */
+        if (args->input != NULL) {
+            XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            args->input = NULL;
+        }
        FreeSskeArgs(ssl, args);
        FreeKeyExchange(ssl);

--- a/src/ssl.c
+++ b/src/ssl.c
@ -28041,8 +28041,10 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
    *p += idx;

 end:
-    if (ret != 0 && (sess == NULL || *sess != s))
+    if (ret != 0 && (sess == NULL || *sess != s)) {
        wolfSSL_SESSION_free(s);
+        s = NULL;
+    }
 #endif
    return s;
 }
@ -29875,8 +29877,14 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
        } else {
            privSz = pubSz;
        }
-        pub   = (unsigned char*)XMALLOC(pubSz,  NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-        priv  = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
+        if (pubSz > 0) {
+            pub = (unsigned char*)XMALLOC(pubSz,
+                    NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+        }
+        if (privSz > 0) {
+            priv = (unsigned char*)XMALLOC(privSz,
+                    NULL, DYNAMIC_TYPE_PRIVATE_KEY);
+        }
        if (pub == NULL || priv == NULL) {
            WOLFSSL_MSG("Unable to malloc memory");
        }