Merge pull request #7890 from embhorn/zd18463

Various Coverity fixes
Daniel Pouzzner
2024-08-26 23:34:23 -05:00
committed by GitHub
6 changed files with 20 additions and 9 deletions


@ -1560,7 +1560,9 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
} }
#endif #endif
#ifndef WC_STRICT_SIG #ifndef WC_STRICT_SIG
wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID); if ((ctx != NULL) || (ssl != NULL)) {
wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID);
}
#else #else
/* Set whether ECC is available based on signature available. */ /* Set whether ECC is available based on signature available. */
if (ssl != NULL) { if (ssl != NULL) {


@ -1711,12 +1711,12 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
WOLFSSL_MSG("Client cache serverRow or serverIdx invalid"); WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
error = -1; error = -1;
} }
/* Prevent memory access before clientSession->serverRow and
* clientSession->serverIdx are sanitized. */
XFENCE();
if (error == 0) { if (error == 0) {
/* Lock row */ /* Lock row */
sessRow = &SessionCache[clientSession->serverRow]; sessRow = &SessionCache[clientSession->serverRow];
/* Prevent memory access before clientSession->serverRow and
* clientSession->serverIdx are sanitized. */
XFENCE();
error = SESSION_ROW_RD_LOCK(sessRow); error = SESSION_ROW_RD_LOCK(sessRow);
if (error != 0) { if (error != 0) {
WOLFSSL_MSG("Session cache row lock failure"); WOLFSSL_MSG("Session cache row lock failure");
@ -1729,6 +1729,8 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
#else #else
cacheSession = &sessRow->Sessions[clientSession->serverIdx]; cacheSession = &sessRow->Sessions[clientSession->serverIdx];
#endif #endif
/* Prevent memory access */
XFENCE();
if (cacheSession && cacheSession->sessionIDSz == 0) { if (cacheSession && cacheSession->sessionIDSz == 0) {
cacheSession = NULL; cacheSession = NULL;
WOLFSSL_MSG("Session cache entry not set"); WOLFSSL_MSG("Session cache entry not set");
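Review bot: The comment `/* Prevent memory access */` above the `XFENCE()` that precedes the `cacheSession->sessionIDSz` test does not say which access is being held back or which check it must wait for, so a later reader cannot tell whether the fence may be moved or dropped. The same bare comment is used at the three `XFENCE()` calls in the GetASN_Items hunks. I would state the intent at each site, for example `/* Fence: do not read through cacheSession until serverIdx has been range-checked. */` here, if that is what is meant. The +/- markers are lost on this page, but if the copy after `sessRow = &SessionCache[clientSession->serverRow];` is the new placement, the fence now follows the use of `serverRow` as an index while its comment still says "before ... are sanitized", so the wording should be updated to match. ClientSessionToSession continues outside both hunks.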


@ -12347,7 +12347,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
{ {
int ret = 0, tmp; int ret = 0, tmp;
word32 inIdx = *inOutIdx; word32 inIdx = *inOutIdx;
int alertType = invalid_alert; int alertType;
#if defined(HAVE_ECH) #if defined(HAVE_ECH)
TLSX* echX = NULL; TLSX* echX = NULL;
word32 echInOutIdx; word32 echInOutIdx;
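Review bot: `int alertType;` is left without an initializer (reading the second rendering of the line as the new side), so every read further down the function now depends on an assignment earlier on the same path, and reading an indeterminate `int` is undefined behaviour. The rest of DoTls13HandShakeMsgType is outside the hunk, so this cannot be confirmed from the page. If the initializer was dropped to silence an unused-value report, I would record that at the declaration, e.g. `int alertType; /* assigned before every read below */`, so a later edit that adds a new read path does not silently break the assumption.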


@ -1500,6 +1500,8 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
int minDepth; int minDepth;
/* Integer had a zero prepended. */ /* Integer had a zero prepended. */
int zeroPadded; int zeroPadded;
word32 tmpW32Val;
signed char tmpScharVal;
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
WOLFSSL_ENTER("GetASN_Items"); WOLFSSL_ENTER("GetASN_Items");
@ -1538,14 +1540,18 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
/* Check if first of numbered choice. */ /* Check if first of numbered choice. */
if (choice == 0 && asn[i].optional > 1) { if (choice == 0 && asn[i].optional > 1) {
choice = asn[i].optional; choice = asn[i].optional;
if (choiceMet[choice - 2] == -1) { tmpScharVal = choiceMet[choice - 2];
XFENCE(); /* Prevent memory access */
if (tmpScharVal == -1) {
/* Choice seen but not found a match yet. */ /* Choice seen but not found a match yet. */
choiceMet[choice - 2] = 0; choiceMet[choice - 2] = 0;
} }
} }
/* Check for end of data or not a choice and tag not matching. */ /* Check for end of data or not a choice and tag not matching. */
if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE && tmpW32Val = endIdx[depth];
XFENCE(); /* Prevent memory access */
if (idx == tmpW32Val || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
(input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) { (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) {
if (asn[i].optional) { if (asn[i].optional) {
/* Skip over ASN.1 items underneath this optional item. */ /* Skip over ASN.1 items underneath this optional item. */
@ -1613,6 +1619,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
/* Store found tag in data. */ /* Store found tag in data. */
data[i].tag = input[idx]; data[i].tag = input[idx];
XFENCE(); /* Prevent memory access */
if (data[i].dataType != ASN_DATA_TYPE_CHOICE) { if (data[i].dataType != ASN_DATA_TYPE_CHOICE) {
int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED; int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED;
/* Check constructed match expected for non-choice ASN.1 item. */ /* Check constructed match expected for non-choice ASN.1 item. */
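Review bot: `tmpW32Val` and `tmpScharVal` are named after their types rather than what they hold, and they are declared at the top of GetASN_Items although each is used at a single site inside the loop. Names such as `choiceState` for the copy of `choiceMet[choice - 2]` and `depthEnd` for the copy of `endIdx[depth]` would let `if (choiceState == -1)` and `if (idx == depthEnd || ...` be read without looking back at the assignment. The write `choiceMet[choice - 2] = 0;` still indexes the array directly after the fence; if only the read needed the temporary, a one-line comment saying so would help. The function begins and ends outside these hunks.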


@ -5243,7 +5243,7 @@ int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
if (err == MP_OKAY) { if (err == MP_OKAY) {
key->type = RSA_PRIVATE; key->type = RSA_PRIVATE;
} }
else { else if (key != NULL) {
mp_clear(&key->n); mp_clear(&key->n);
mp_clear(&key->e); mp_clear(&key->e);
mp_clear(&key->d); mp_clear(&key->d);
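Review bot: On this failure path `key->d` is released with `mp_clear(&key->d);`, and judging by the function name it holds the private exponent the caller passed in. Because `key->type` is set to `RSA_PRIVATE` only on success, I would wipe the private components here explicitly with `mp_forcezero(&key->d);` rather than depend on how a later free treats a key of another type; the same would apply to any further private fields cleared below the hunk. The new `key != NULL` guard itself is consistent with the success branch, which dereferences `key` only when `err == MP_OKAY`. The branch continues outside the hunk.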


@ -1183,7 +1183,7 @@ char* wc_strdup_ex(const char *src, int memType) {
word32 len = 0; word32 len = 0;
if (src) { if (src) {
len = (word32)XSTRLEN(src); len = (word32)XSTRLEN(src) + 1; /* Add one for null terminator */
ret = (char*)XMALLOC(len, NULL, memType); ret = (char*)XMALLOC(len, NULL, memType);
if (ret != NULL) { if (ret != NULL) {
XMEMCPY(ret, src, len); XMEMCPY(ret, src, len);
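Review bot: `len = (word32)XSTRLEN(src) + 1;` narrows the length to 32 bits before adding one, so where `size_t` is wider than `word32` a very long `src` can truncate or wrap `len`. The `XMALLOC`/`XMEMCPY` pair would then copy fewer bytes than the string holds and could leave `ret` without its terminator. Either keep the length in `size_t` (`size_t len = XSTRLEN(src) + 1;`) or reject lengths that do not fit in `word32` before allocating. wc_strdup_ex continues outside the hunk.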