Merge pull request #7890 from embhorn/zd18463

Various Coverity fixes
2025-07-29 18:27:29 +02:00 · 2024-08-26 23:34:23 -05:00
parent bf074d2bb9 6dab58266d
commit 2537e08a99
6 changed files with 20 additions and 9 deletions
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@ -1560,7 +1560,9 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    }
    #endif
 #ifndef WC_STRICT_SIG
-    wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID);
+    if ((ctx != NULL) || (ssl != NULL)) {
+        wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID);
+    }
 #else
    /* Set whether ECC is available based on signature available. */
    if (ssl != NULL) {
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@ -1711,12 +1711,12 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
            WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
            error = -1;
        }
-        /* Prevent memory access before clientSession->serverRow and
-         * clientSession->serverIdx are sanitized. */
-        XFENCE();
        if (error == 0) {
            /* Lock row */
            sessRow = &SessionCache[clientSession->serverRow];
+            /* Prevent memory access before clientSession->serverRow and
+             * clientSession->serverIdx are sanitized. */
+            XFENCE();
            error = SESSION_ROW_RD_LOCK(sessRow);
            if (error != 0) {
                WOLFSSL_MSG("Session cache row lock failure");
@ -1729,6 +1729,8 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
 #else
            cacheSession = &sessRow->Sessions[clientSession->serverIdx];
 #endif
+            /* Prevent memory access */
+            XFENCE();
            if (cacheSession && cacheSession->sessionIDSz == 0) {
                cacheSession = NULL;
                WOLFSSL_MSG("Session cache entry not set");
--- a/src/tls13.c
+++ b/src/tls13.c
@ -12347,7 +12347,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 {
    int ret = 0, tmp;
    word32 inIdx = *inOutIdx;
-    int alertType = invalid_alert;
+    int alertType;
 #if defined(HAVE_ECH)
    TLSX* echX = NULL;
    word32 echInOutIdx;
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -1500,6 +1500,8 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
    int    minDepth;
    /* Integer had a zero prepended. */
    int    zeroPadded;
+    word32 tmpW32Val;
+    signed char tmpScharVal;

 #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
    WOLFSSL_ENTER("GetASN_Items");
@ -1538,14 +1540,18 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
        /* Check if first of numbered choice. */
        if (choice == 0 && asn[i].optional > 1) {
            choice = asn[i].optional;
-            if (choiceMet[choice - 2] == -1) {
+            tmpScharVal = choiceMet[choice - 2];
+            XFENCE(); /* Prevent memory access */
+            if (tmpScharVal == -1) {
                /* Choice seen but not found a match yet. */
                choiceMet[choice - 2] = 0;
            }
        }

        /* Check for end of data or not a choice and tag not matching. */
-        if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
+        tmpW32Val = endIdx[depth];
+        XFENCE(); /* Prevent memory access */
+        if (idx == tmpW32Val || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
                              (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) {
            if (asn[i].optional) {
                /* Skip over ASN.1 items underneath this optional item. */
@ -1613,6 +1619,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,

        /* Store found tag in data. */
        data[i].tag = input[idx];
+        XFENCE(); /* Prevent memory access */
        if (data[i].dataType != ASN_DATA_TYPE_CHOICE) {
            int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED;
            /* Check constructed match expected for non-choice ASN.1 item. */
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@ -5243,7 +5243,7 @@ int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
    if (err == MP_OKAY) {
        key->type = RSA_PRIVATE;
    }
-    else {
+    else if (key != NULL) {
        mp_clear(&key->n);
        mp_clear(&key->e);
        mp_clear(&key->d);
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@ -1183,7 +1183,7 @@ char* wc_strdup_ex(const char *src, int memType) {
    word32 len = 0;

    if (src) {
-        len = (word32)XSTRLEN(src);
+        len = (word32)XSTRLEN(src) + 1; /* Add one for null terminator */
        ret = (char*)XMALLOC(len, NULL, memType);
        if (ret != NULL) {
            XMEMCPY(ret, src, len);