From e996a7d15be88f34ba6c47057bfd52d3775dbfc5 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 11 Nov 2020 14:12:22 -0800
Subject: [PATCH] Scan-Build Fixes
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.
To recreate:
$ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
$ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
---
 examples/server/server.c | 6 ++++--
 src/internal.c | 11 ++++++++++-
 src/ssl.c | 14 +++++++++++---
 3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/examples/server/server.c b/examples/server/server.c
index 0bd6efd2c..344dca12f 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2451,7 +2451,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifdef OPENSSL_EXTRA
 {
- byte* rnd;
+ byte* rnd = NULL;
 byte* pt;
 size_t size;
@@ -2461,8 +2461,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 err_sys_ex(runWithErrors, "error getting server random buffer "
 "size");
 }
+ else {
+ rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ }
- rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (rnd == NULL) {
 err_sys_ex(runWithErrors, "error creating server random buffer");
 }
diff --git a/src/internal.c b/src/internal.c
index 2d8e64f39..8b25c6f7a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -17312,7 +17312,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
 (void)i;
 if (IsEncryptionOn(ssl, 1)) {
- byte* input;
+ byte* input = NULL;
 int inputSz = i; /* build msg adds rec hdr */
 int recordHeaderSz = RECORD_HEADER_SZ;
@@ -17320,6 +17320,11 @@ int SendCertificateRequest(WOLFSSL* ssl)
 recordHeaderSz += DTLS_RECORD_EXTRA;
 inputSz -= recordHeaderSz;
+ if (inputSz <= 0) {
+ WOLFSSL_MSG("Send Cert Req bad inputSz");
+ return BUFFER_E;
+ }
+
 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
 if (input == NULL)
 return MEMORY_E;
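Review bot: In the second examples/server/server.c hunk, a zero `size` now falls through to the `if (rnd == NULL)` test, so the same failure is reported a second time as "error creating server random buffer" even though no allocation was attempted. If `err_sys_ex` can return when `runWithErrors` is set (its definition is not in the hunk), execution also continues past these lines with `rnd` still NULL, and whatever uses `rnd` and `size` after the hunk should be confirmed to tolerate that. Moving the existing `if (rnd == NULL) { ... }` block inside the new `else { ... }` would keep each message tied to its own cause. The body of server_test continues outside the hunk.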
@@ -26691,6 +26696,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif /* WOLFSSL_ASYNC_CRYPT */
 /* Final cleanup */
+ if (args->input != NULL) {
+ XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+ args->input = NULL;
+ }
 FreeSskeArgs(ssl, args);
 FreeKeyExchange(ssl);
diff --git a/src/ssl.c b/src/ssl.c
index 7a7f44af7..6d3a8b67a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -28041,8 +28041,10 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
 *p += idx;
 end:
- if (ret != 0 && (sess == NULL || *sess != s))
+ if (ret != 0 && (sess == NULL || *sess != s)) {
 wolfSSL_SESSION_free(s);
+ s = NULL;
+ }
 #endif
 return s;
 }
@@ -29875,8 +29877,14 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 } else {
 privSz = pubSz;
 }
- pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
+ if (pubSz > 0) {
+ pub = (unsigned char*)XMALLOC(pubSz,
+ NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+ }
+ if (privSz > 0) {
+ priv = (unsigned char*)XMALLOC(privSz,
+ NULL, DYNAMIC_TYPE_PRIVATE_KEY);
+ }
 if (pub == NULL || priv == NULL) {
 WOLFSSL_MSG("Unable to malloc memory");
 }
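Review bot: Releasing `args->input` inline in the "Final cleanup" block of src/internal.c covers only this one exit, so any other path that tears the arguments down through `FreeSskeArgs` alone (its body is outside the hunk, and the `WOLFSSL_ASYNC_CRYPT` section just above suggests such paths may exist) would still leak the buffer. Moving the `XFREE(args->input, ...)` and `args->input = NULL;` pair into `FreeSskeArgs` would put ownership of the buffer in one place. The `@@` header names DoSessionTicket, but that is only the nearest earlier signature git matched; the enclosing function starts and ends outside the hunk. If the inline form stays, a comment such as `/* input may still be set when an error path skipped its normal release */` would record why the check is needed here.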
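Review bot: In the wolfSSL_d2i_SSL_SESSION hunk, `s` is cleared only on the branch that frees it, so when `ret != 0` and `*sess == s` the function still returns a non-NULL pointer and the caller cannot tell that decoding failed. In that case `s` is presumably the caller's own session, possibly partly overwritten by the failed decode (the decode itself is outside the hunk). Consider returning NULL on every failure while still freeing only what this function allocated, for example by following the conditional free with `if (ret != 0) s = NULL;`. The function's header comment should state that NULL means failure and who owns `*sess` afterwards.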
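Review bot: In the wolfSSL_DH_generate_key hunk, skipping `XMALLOC` for a non-positive `pubSz` or `privSz` makes the following `pub == NULL || priv == NULL` test depend on both pointers being initialised to NULL at their declarations, which are outside the hunk. The server.c and internal.c hunks in this same patch add `= NULL` for exactly that reason, so the declarations here need the same check. A non-positive size is also logged as "Unable to malloc memory", which hides the real cause; a separate `WOLFSSL_MSG` for the bad-size case would help triage. If only one of the two allocations succeeds, the cleanup after the hunk must still release the buffer that was obtained.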