From ec429e50b14870a56ec2f39b7cac5e52f2449ee0 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Fri, 6 Apr 2018 07:45:12 -0500 Subject: [PATCH 1/6] Fixes for ssl.c --- src/ssl.c | 71 +++++++++++++++++++------------------------------------ 1 file changed, 24 insertions(+), 47 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index add3b78d4..6d2e85b6e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5465,11 +5465,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, resetSuites = 1; } } - #endif - + #else if (!rsaKey && !eccKey && !ed25519Key) return WOLFSSL_BAD_FILE; - + #endif (void)ed25519Key; (void)devId; } @@ -7238,7 +7237,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, long inSz) { WOLFSSL_EVP_PKEY* pkey = NULL; - const unsigned char* mem = *in; + const unsigned char* mem; long memSz = inSz; WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); @@ -7247,6 +7246,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, WOLFSSL_MSG("Bad argument"); return NULL; } + mem = *in; #if !defined(NO_RSA) { @@ -7386,6 +7386,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, if (local->pkey.ptr == NULL) { wolfSSL_EVP_PKEY_free(local); local = NULL; + return NULL; } else { XMEMCPY(local->pkey.ptr, *in + idx, inSz - idx); @@ -13608,8 +13609,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) const WOLFSSL_EVP_CIPHER* type, const byte* key, const byte* iv, int enc) { - int ret = -1; /* failure local, during function 0 means success - because internal functions work that way */ + int ret = 0; (void)key; (void)iv; (void)enc; @@ -13629,7 +13629,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->lastUsed = 0; ctx->flags = 0; } - ret = 0; #ifndef NO_AES #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 @@ -13654,7 +13653,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -13679,7 +13677,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -13708,7 +13705,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return ret; } } - ret = 0; } #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_CBC */ @@ -13735,7 +13731,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -13760,7 +13755,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -13785,7 +13779,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_CTR */ @@ -13806,7 +13799,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } if (ret != 0) return ret; - ret = 0; } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -13826,7 +13818,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } if (ret != 0) return ret; - ret = 0; } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -13846,7 +13837,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } if (ret != 0) return ret; - ret = 0; } #endif /* WOLFSSL_AES_256 */ #endif /* NO_AES */ @@ -13871,7 +13861,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (iv && key == NULL) wc_Des_SetIV(&ctx->cipher.des, iv); - ret = 0; } #ifdef WOLFSSL_DES_ECB else if (ctx->cipherType == DES_ECB_TYPE || @@ -13891,7 +13880,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif else if (ctx->cipherType == DES_EDE3_CBC_TYPE || @@ -13917,7 +13905,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } else if (ctx->cipherType == DES_EDE3_ECB_TYPE || (type && @@ -13936,7 +13923,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* NO_DES3 */ #ifndef NO_RC4 @@ -13951,7 +13937,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->keyLen = 16; /* default to 128 */ if (key) wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); - ret = 0; /* success */ } #endif /* NO_RC4 */ #ifdef HAVE_IDEA @@ -13975,7 +13960,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (iv && key == NULL) wc_IdeaSetIV(&ctx->cipher.idea, iv); - ret = 0; } #endif /* HAVE_IDEA */ if (ctx->cipherType == NULL_CIPHER_TYPE || (type && @@ -13984,13 +13968,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->cipherType = NULL_CIPHER_TYPE; ctx->keyLen = 0; ctx->block_size = 16; - ret = 0; /* success */ } - if (ret == 0) - return WOLFSSL_SUCCESS; - else - return 0; /* overall failure */ + return WOLFSSL_SUCCESS; } @@ -14066,7 +14046,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) case AES_192_CTR_TYPE : case AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); - wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); + ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); break; #endif /* WOLFSSL_AES_COUNTER */ #endif /* NO_AES */ @@ -16879,7 +16859,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) } if (dataSz < 0) { - sz = (int)XSTRLEN((const char*)data); + sz = (int)XSTRLEN((const char*)data) + 1; /* +1 for null */ } else { sz = dataSz; @@ -18359,7 +18339,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, { WC_PKCS12* pkcs12; WC_DerCertList* list = NULL; - word32 passSz = (word32)XSTRLEN(pass); + word32 passSz; byte* keyDer; word32 keyDerSz; byte* certDer; @@ -18373,6 +18353,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_LEAVE("wolfSSL_PKCS12_create()", BAD_FUNC_ARG); return NULL; } + passSz = (word32)XSTRLEN(pass); if ((ret = wolfSSL_i2d_PrivateKey(pkey, &keyDer)) < 0) { WOLFSSL_LEAVE("wolfSSL_PKCS12_create", ret); @@ -18401,7 +18382,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, } curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz); - if (certDer == NULL || curDerSz < 0) { + if (curDer == NULL || curDerSz < 0) { XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); wc_FreeCertList(list, NULL); return NULL; @@ -19595,7 +19576,7 @@ const char* wolfSSL_alert_desc_string_long(int alertID) * * ssl WOLFSSL structure to get state of * - * Retruns a human readable string of the WOLFSSL structure state + * Returns a human readable string of the WOLFSSL structure state */ const char* wolfSSL_state_string_long(const WOLFSSL* ssl) { @@ -21961,8 +21942,9 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) /* $RANDFILE was not set or is too large, check $HOME */ if (rt == NULL) { + WOLFSSL_MSG("Environment variable RANDFILE not set"); if ((rt = XGETENV("HOME")) == NULL) { - WOLFSSL_MSG("Unable to get HOME variable"); + WOLFSSL_MSG("Environment variable HOME not set"); return NULL; } @@ -21973,16 +21955,11 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) return fname; } else { - WOLFSSL_MSG("Buffer too small"); + WOLFSSL_MSG("HOME too large for buffer"); return NULL; } } - if (rt == NULL) { - WOLFSSL_MSG("Enviroment variable RANDFILE or HOME not set"); - return NULL; - } - return fname; #else /* no filesystem defined */ @@ -22077,7 +22054,7 @@ int wolfSSL_RAND_write_file(const char* fname) * * nm is the file path to the egd server * - * Retruns the number of bytes read. + * Returns the number of bytes read. */ int wolfSSL_RAND_egd(const char* nm) { @@ -22106,7 +22083,7 @@ int wolfSSL_RAND_egd(const char* nm) } fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd <= 0) { + if (fd < 0) { WOLFSSL_MSG("Error creating socket"); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -22115,7 +22092,7 @@ int wolfSSL_RAND_egd(const char* nm) } if (ret == WOLFSSL_SUCCESS) { rem.sun_family = AF_UNIX; - XMEMCPY(rem.sun_path, nm, XSTRLEN(nm)); + XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path)); } /* connect to egd server */ @@ -25081,7 +25058,7 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, return WOLFSSL_FAILURE; } sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if(sigRet == NULL){ + if(sigDec == NULL){ WOLFSSL_MSG("Memory failure"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; @@ -25788,7 +25765,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, } if (doset) - wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ + (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ else XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); } @@ -29222,7 +29199,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) else return NULL; - /* check calulated length */ + /* check calculated length */ if (l - i < 0) return NULL; pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_PEM); @@ -29238,8 +29215,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) { if (pem[i-1] == '\r') { /* found \r , Windows line ending is \r\n so try to read one - * more byte for \n */ - wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); + * more byte for \n, ignoring return value */ + (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); } break; } From c6ad885459db2e464421a36f5496f53ca69ce95a Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Fri, 6 Apr 2018 09:08:00 -0500 Subject: [PATCH 2/6] Coverity fixes for tls.c/n CID 184996 185112 185122 --- src/tls.c | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/src/tls.c b/src/tls.c index e81ae0eb2..2b4bb7917 100644 --- a/src/tls.c +++ b/src/tls.c @@ -5313,18 +5313,22 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) /* Make an ECC key. */ ret = wc_curve25519_init(key); - if (ret != 0) + if (ret != 0) { + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; + } ret = wc_curve25519_make_key(ssl->rng, keySize, key); - if (ret != 0) + if (ret != 0) { + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; - + } /* Allocate space for the public key. */ keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (keyData == NULL) { WOLFSSL_MSG("Key data Memory error"); ret = MEMORY_E; + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; } @@ -5332,6 +5336,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) if (wc_curve25519_export_public_ex(key, keyData, &dataSize, EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_EXPORT_ERROR; + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; } @@ -5716,27 +5721,28 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return MEMORY_ERROR; } ret = wc_curve25519_init(peerEccKey); - if (ret != 0) - return ret; + if (ret == 0) { #ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG("Peer Curve25519 Key"); - WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); + WOLFSSL_MSG("Peer Curve25519 Key"); + WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); #endif - - /* Point is validated by import function. */ - if (wc_curve25519_import_public_ex(keyShareEntry->ke, - keyShareEntry->keLen, peerEccKey, - EC25519_LITTLE_ENDIAN) != 0) { - return ECC_PEERKEY_ERROR; + /* Point is validated by import function. */ + if (wc_curve25519_import_public_ex(keyShareEntry->ke, + keyShareEntry->keLen, peerEccKey, + EC25519_LITTLE_ENDIAN) != 0) { + ret = ECC_PEERKEY_ERROR; + } + else { + ssl->arrays->preMasterSz = ENCRYPT_LEN; + ret = wc_curve25519_shared_secret_ex(key, peerEccKey, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz, + EC25519_LITTLE_ENDIAN); + wc_curve25519_free(peerEccKey); + ssl->ecdhCurveOID = ECC_X25519_OID; + } } - - ssl->arrays->preMasterSz = ENCRYPT_LEN; - ret = wc_curve25519_shared_secret_ex(key, peerEccKey, - ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, - EC25519_LITTLE_ENDIAN); - wc_curve25519_free(peerEccKey); XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX); - ssl->ecdhCurveOID = ECC_X25519_OID; return ret; } #endif @@ -8158,9 +8164,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) (void)public_key_len; (void)ssl; - if (ret == WOLFSSL_SUCCESS) - ret = 0; - return ret; } From 920e6ed91151b4e2b4a19853100bf9761c579dba Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Fri, 6 Apr 2018 09:30:54 -0500 Subject: [PATCH 3/6] Fix warning in ssl.c --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 6d2e85b6e..d01670578 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13969,7 +13969,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->keyLen = 0; ctx->block_size = 16; } - + (void)ret; /* remove warning. If execution reaches this point, ret=0 */ return WOLFSSL_SUCCESS; } From d2c1a1906d0c7f03cdacf064305c80c73836f7ec Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Fri, 6 Apr 2018 11:10:37 -0500 Subject: [PATCH 4/6] Fixes for CID 184980 185017 185047 185167 --- src/tls13.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index 72afb1a95..4e38f16d1 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -953,7 +953,7 @@ static const byte writeIVLabel[WRITE_IV_LABEL_SZ+1] = "iv"; */ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) { - int ret; + int ret = BAD_FUNC_ARG; /* Assume failure */ int i = 0; #ifdef WOLFSSL_SMALL_STACK byte* key_dig; @@ -2012,12 +2012,15 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, switch (ssl->options.buildMsgState) { case BUILD_MSG_BEGIN: { - if (output == NULL || input == NULL) - return BAD_FUNC_ARG; - /* catch mistaken sizeOnly parameter */ - if (sizeOnly && (output || input)) { - WOLFSSL_MSG("BuildTls13Message with sizeOnly doesn't need " - "input or output"); + /* catch mistaken sizeOnly parameter */ + if (sizeOnly) { + if (output || input) { + WOLFSSL_MSG("BuildTls13Message with sizeOnly " + "doesn't need input or output"); + return BAD_FUNC_ARG; + } + } + else if (output == NULL || input == NULL) { return BAD_FUNC_ARG; } From 86767e727c271ae083a0e4177ded0c0b35f4a65a Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Fri, 6 Apr 2018 13:15:16 -0500 Subject: [PATCH 5/6] Fixes for CID 185033 185028 185142 185064 185068 185079 185147 --- src/bio.c | 2 +- src/crl.c | 2 ++ src/internal.c | 12 +++++++----- src/ocsp.c | 5 +++-- src/ssl.c | 6 ++++-- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/bio.c b/src/bio.c index 16b099eca..2c7f037cf 100644 --- a/src/bio.c +++ b/src/bio.c @@ -134,7 +134,7 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); /* already got eof, again is error */ - if (bio && front->eof) + if (front->eof) return WOLFSSL_FATAL_ERROR; ret = wolfSSL_read(bio->ssl, buf, len); diff --git a/src/crl.c b/src/crl.c index 42e3e50e2..fd7a2e99b 100644 --- a/src/crl.c +++ b/src/crl.c @@ -247,6 +247,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr ca = GetCA(crl->cm, issuerHash); #endif /* NO_SKID */ if (ca == NULL) { + XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); + XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); WOLFSSL_MSG("Did NOT find CRL issuer CA"); return ASN_CRL_NO_SIGNER_E; } diff --git a/src/internal.c b/src/internal.c index 78bb88799..422c1de12 100644 --- a/src/internal.c +++ b/src/internal.c @@ -11744,10 +11744,10 @@ static INLINE void RmdRounds(int rounds, const byte* data, int sz) RipeMd ripemd; int i; - wc_InitRipeMd(&ripemd); + (void)wc_InitRipeMd(&ripemd); for (i = 0; i < rounds; i++) - wc_RipeMdUpdate(&ripemd, data, sz); + (void)wc_RipeMdUpdate(&ripemd, data, sz); } #endif @@ -14681,11 +14681,13 @@ int SendAlert(WOLFSSL* ssl, int severity, int type) if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) return ret; + /* Check output buffer */ + if (ssl->buffers.outputBuffer.buffer == NULL) + return BUFFER_E; + /* get output buffer */ output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - if (output == NULL) - return BUFFER_E; input[0] = (byte)severity; input[1] = (byte)type; @@ -18380,7 +18382,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #endif if (ssl->peerEccKey == NULL) { - AllocKey(ssl, DYNAMIC_TYPE_ECC, + ret = AllocKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey); if (ret != 0) { goto exit_dske; diff --git a/src/ocsp.c b/src/ocsp.c index e7bb54290..c5d672b69 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -651,9 +651,10 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, l = XFTELL(bio->file); if (l < 0) return NULL; - XFSEEK(bio->file, i, SEEK_SET); + if (XFSEEK(bio->file, i, SEEK_SET) != 0) + return NULL; - /* check calulated length */ + /* check calculated length */ if (l - i <= 0) return NULL; diff --git a/src/ssl.c b/src/ssl.c index d01670578..421491297 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29186,11 +29186,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) i = XFTELL(bp->file); if (i < 0) return NULL; - XFSEEK(bp->file, 0, SEEK_END); + if (XFSEEK(bp->file, 0, SEEK_END) != 0) + return NULL; l = XFTELL(bp->file); if (l < 0) return NULL; - XFSEEK(bp->file, i, SEEK_SET); + if (XFSEEK(bp->file, i, SEEK_SET) != 0) + return NULL; #else WOLFSSL_MSG("Unable to read file with NO_FILESYSTEM defined"); return NULL; From 36b9b0b558831c191535dc1a6dec9e3b2fd53a3a Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Fri, 6 Apr 2018 17:29:27 -0500 Subject: [PATCH 6/6] Updates from code review --- src/bio.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/bio.c b/src/bio.c index 2c7f037cf..e26c9afef 100644 --- a/src/bio.c +++ b/src/bio.c @@ -131,10 +131,10 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, { int ret; - WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); + WOLFSSL_ENTER("wolfSSL_BIO_SSL_read"); /* already got eof, again is error */ - if (front->eof) + if ((front == NULL) || front->eof) return WOLFSSL_FATAL_ERROR; ret = wolfSSL_read(bio->ssl, buf, len); @@ -168,7 +168,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) WOLFSSL_ENTER("wolfSSL_BIO_read"); /* start at end of list and work backwards */ - while (bio->next != NULL) { + while ((bio != NULL) && (bio->next != NULL)) { bio = bio->next; }