Merge pull request #9313 from douzzer/20251016-Wnull-dereference

20251016-Wnull-dereference

src/pk.c

@@ -970,23 +970,23 @@ WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags)
     int err;
 
     /* Validate name is not NULL. */
-    err = (name == NULL);
-    if (!err) {
-        /* Allocate an RSA METHOD to return. */
-        meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL,
-            DYNAMIC_TYPE_OPENSSL);
-        err = (meth == NULL);
-    }
-    if (!err) {
-        XMEMSET(meth, 0, sizeof(*meth));
-        meth->flags = flags;
-        meth->dynamic = 1;
+    if (name == NULL)
+        return NULL;
+    /* Allocate an RSA METHOD to return. */
+    meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL,
+                                        DYNAMIC_TYPE_OPENSSL);
+    if (meth == NULL)
+        return NULL;
+
+    XMEMSET(meth, 0, sizeof(*meth));
+    meth->flags = flags;
+    meth->dynamic = 1;
+
+    name_len = (int)XSTRLEN(name);
+    meth->name = (char*)XMALLOC((size_t)(name_len + 1), NULL,
+        DYNAMIC_TYPE_OPENSSL);
+    err = (meth->name == NULL);
 
-        name_len = (int)XSTRLEN(name);
-        meth->name = (char*)XMALLOC((size_t)(name_len + 1), NULL,
-            DYNAMIC_TYPE_OPENSSL);
-        err = (meth->name == NULL);
-    }
     if (!err) {
         XMEMCPY(meth->name, name, (size_t)(name_len + 1));
     }

src/ssl.c

@@ -1153,8 +1153,8 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
 
 #ifdef OPENSSL_COMPATIBLE_DEFAULTS
     if (ctx) {
-        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
-        wolfSSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+        wolfSSL_CTX_set_mode(ctx, WOLFSSL_MODE_AUTO_RETRY);
         if (wolfSSL_CTX_set_min_proto_version(ctx,
                 (method->version.major == DTLS_MAJOR) ?
                 DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS ||

src/x509.c

@@ -10195,18 +10195,18 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
     keyTypeObj = wolfSSL_OBJ_nid2obj(key->type);
     if (keyTypeObj == NULL) {
         if (ptype == WOLFSSL_V_ASN1_OBJECT)
-            ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
+            wolfSSL_ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
-            ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
+            wolfSSL_ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
         goto error;
     }
     if (!wolfSSL_X509_ALGOR_set0(pk->algor, keyTypeObj, ptype, pval)) {
         WOLFSSL_MSG("Failed to create algorithm object");
-        ASN1_OBJECT_free(keyTypeObj);
+        wolfSSL_ASN1_OBJECT_free(keyTypeObj);
         if (ptype == WOLFSSL_V_ASN1_OBJECT)
-            ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
+            wolfSSL_ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
-            ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
+            wolfSSL_ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
         goto error;
     }
 

tests/api.c

@@ -20116,8 +20116,8 @@ static int test_wolfSSL_PKCS7_certs(void)
         while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
             X509_INFO* info = NULL;
             ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
-            ExpectIntGT(sk_X509_push(sk, info->x509), 0);
-            if (EXPECT_SUCCESS() && (info != NULL)) {
+            if (info != NULL) {
+                ExpectIntGT(sk_X509_push(sk, info->x509), 0);
                 info->x509 = NULL;
             }
             X509_INFO_free(info);
@@ -32422,8 +32422,10 @@ static int test_wolfSSL_X509V3_EXT_get(void)
         ExpectIntNE((extNid = ext->obj->nid), NID_undef);
         ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
         ExpectIntEQ(method->ext_nid, extNid);
-        if (method->ext_nid == NID_subject_key_identifier) {
-            ExpectNotNull(method->i2s);
+        if (EXPECT_SUCCESS()) {
+            if (method->ext_nid == NID_subject_key_identifier) {
+                ExpectNotNull(method->i2s);
+            }
         }
     }
 

wolfcrypt/src/asn.c

@@ -29961,9 +29961,17 @@ static int EncodeName(EncodedName* name, const char* nameStr,
                 break;
         #ifdef WOLFSSL_CUSTOM_OID
             case ASN_CUSTOM_NAME:
+                #ifdef __s390x__
+                    /* inhibit arch-specific false positive. */
+                    PRAGMA_GCC_DIAG_PUSH;
+                    PRAGMA_GCC("GCC diagnostic ignored \"-Wnull-dereference\"");
+                #endif
                 nameSz = (word32)cname->custom.valSz;
                 oid = cname->custom.oid;
                 oidSz = (word32)cname->custom.oidSz;
+                #ifdef __s390x__
+                    PRAGMA_GCC_DIAG_POP;
+                #endif
                 break;
         #endif
         #ifdef WOLFSSL_CERT_REQ

wolfcrypt/src/pkcs12.c

@@ -977,8 +977,10 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
             totalSz += seqSz;
 
             /* check if getting length only */
-            if (der == NULL && derSz != NULL) {
-                *derSz = (int)totalSz;
+            if (der == NULL) {
+                /* repeat nullness check locally to mollify -Wnull-dereference. */
+                if (derSz != NULL)
+                    *derSz = (int)totalSz;
                 XFREE(sdBuf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
                 return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }

wolfcrypt/src/port/af_alg/afalg_aes.c

@@ -186,6 +186,10 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
+            if (cmsg == NULL) {
+                WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesCbcEncrypt() returned NULL unexpectedly.");
+                return SYSLIB_FAILED_E;
+            }
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
                     (byte*)(aes->reg), AES_IV_SIZE);
             if (ret < 0) {
@@ -245,6 +249,10 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
+            if (cmsg == NULL) {
+                WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesCbcDecrypt() returned NULL unexpectedly.");
+                return SYSLIB_FAILED_E;
+            }
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
                     (byte*)(aes->reg), AES_IV_SIZE);
             if (ret != 0) {
@@ -397,6 +405,10 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
 
                 /* update IV */
                 cmsg = CMSG_FIRSTHDR(&(aes->msg));
+                if (cmsg == NULL) {
+                    WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesCtrEncrypt() returned NULL unexpectedly.");
+                    return SYSLIB_FAILED_E;
+                }
                 ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
                         (byte*)(aes->reg), AES_IV_SIZE);
                 if (ret < 0) {
@@ -613,7 +625,15 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
     msg = &(aes->msg);
     cmsg = CMSG_FIRSTHDR(msg);
+    if (cmsg == NULL) {
+        WOLFSSL_MSG("CMSG_FIRSTHDR() in wc_AesGcmEncrypt() returned NULL unexpectedly.");
+        return SYSLIB_FAILED_E;
+    }
     cmsg = CMSG_NXTHDR(msg, cmsg);
+    if (cmsg == NULL) {
+        WOLFSSL_MSG("CMSG_NEXTHDR() in wc_AesGcmEncrypt() returned NULL unexpectedly.");
+        return SYSLIB_FAILED_E;
+    }
 
     /* set IV and AAD size */
     ret = wc_Afalg_SetIv(cmsg, (byte*)iv, ivSz);