Merge pull request #7718 from douzzer/20240705-coverity-fixes

20240705-coverity-fixes
JacobBarthelmeh
2024-07-06 21:53:16 -06:00
committed by GitHub
6 changed files with 62 additions and 30 deletions


@@ -14955,44 +14955,65 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (ret == 0 && addToPendingCAs && !alreadySigner) {
DecodedCert dCertAdd;
DerBuffer *derBuffer;
#ifdef WOLFSSL_SMALL_STACK
DecodedCert *dCertAdd = NULL;
#else
DecodedCert dCertAdd[1];
#endif
int dCertAdd_inited = 0;
DerBuffer *derBuffer = NULL;
buffer* cert = &args->certs[args->certIdx];
Signer *s;
InitDecodedCert(&dCertAdd, cert->buffer, cert->length, ssl->heap);
ret = ParseCert(&dCertAdd, CA_TYPE, NO_VERIFY, SSL_CM(ssl));
Signer *s = NULL;
#ifdef WOLFSSL_SMALL_STACK
dCertAdd = (DecodedCert *)
XMALLOC(sizeof(*dCertAdd), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (dCertAdd == NULL) {
ret = MEMORY_E;
goto exit_req_v2;
}
#endif
InitDecodedCert(dCertAdd, cert->buffer, cert->length,
ssl->heap);
dCertAdd_inited = 1;
ret = ParseCert(dCertAdd, CA_TYPE, NO_VERIFY,
SSL_CM(ssl));
if (ret != 0) {
FreeDecodedCert(&dCertAdd);
goto exit_ppc;
goto exit_req_v2;
}
ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap);
if (ret != 0 || derBuffer == NULL) {
FreeDecodedCert(&dCertAdd);
goto exit_ppc;
goto exit_req_v2;
}
XMEMCPY(derBuffer->buffer, cert->buffer, cert->length);
s = MakeSigner(SSL_CM(ssl)->heap);
if (s == NULL) {
FreeDecodedCert(&dCertAdd);
FreeDer(&derBuffer);
ret = MEMORY_E;
goto exit_ppc;
goto exit_req_v2;
}
ret = FillSigner(s, &dCertAdd, CA_TYPE, derBuffer);
FreeDecodedCert(&dCertAdd);
FreeDer(&derBuffer);
ret = FillSigner(s, dCertAdd, CA_TYPE, derBuffer);
if (ret != 0) {
FreeSigner(s, SSL_CM(ssl)->heap);
goto exit_ppc;
goto exit_req_v2;
}
skipAddCA = 1;
ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s);
if (ret != 0) {
FreeSigner(s, ssl->heap);
goto exit_ppc;
}
}
exit_req_v2:
if (s && (ret != 0))
FreeSigner(s, SSL_CM(ssl)->heap);
if (derBuffer)
FreeDer(&derBuffer);
if (dCertAdd_inited)
FreeDecodedCert(dCertAdd);
#ifdef WOLFSSL_SMALL_STACK
if (dCertAdd)
XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ret != 0)
goto exit_ppc;
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
/* If valid CA then add to Certificate Manager */
if (ret == 0 && args->dCert->isCA &&
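Review bot: The `ret != 0 || derBuffer == NULL` branch after AllocDer now jumps to exit_req_v2 without setting an error, so a NULL derBuffer with ret still 0 skips the final `if (ret != 0) goto exit_ppc;`. Processing then continues into the "add to Certificate Manager" code below with no pending signer created and skipAddCA unset, whereas the lines shown as replaced appear to have sent that case to exit_ppc. AllocDer may never report success with a NULL buffer, but the branch is written as if it can, so it should carry an error: add `if (ret == 0) ret = MEMORY_E;` before that `goto exit_req_v2;`. ProcessPeerCerts begins and ends outside this hunk.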


@@ -1612,6 +1612,11 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
/* read data if no \r\n or first time */
if ((start == NULL) || (end == NULL)) {
if (httpBufSz < len + 1) {
return BUFFER_ERROR; /* can't happen, but Coverity thinks it
* can.
*/
}
result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
if (result > 0) {
len += result;
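Review bot: The new guard `if (httpBufSz < len + 1)` still admits `httpBufSz == len + 1`, in which case the wolfIO_Recv call below is asked to read `httpBufSz-len-1`, i.e. zero bytes. How a zero result is treated is decided in the else branch outside this hunk, so it is worth confirming that a full buffer with no line ending ends in a clear error rather than a misleading receive failure. The comment would also help more if it said what the check protects instead of only naming Coverity, e.g. `/* keeps httpBufSz-len-1 from underflowing in the wolfIO_Recv() call below */`. The enclosing function starts and ends outside the hunk.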


@@ -12910,10 +12910,6 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz,
return BAD_FUNC_ARG;
}
if (iSz < AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE);
stream->bytes_crypted_with_this_tweak = 0;


@@ -24067,7 +24067,7 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der)
if (ret == 0 && signer != NULL) {
if (cert->extSapkiSet && cert->sapkiLen > 0) {
/* Allocated space for alternative public key. */
signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cm->heap,
signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (signer->sapkiDer == NULL) {
ret = MEMORY_E;
@@ -24083,7 +24083,8 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der)
#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL)
if (ret == 0 && signer != NULL)
ret = CalcHashId(cert->serial, cert->serialSz, signer->serialHash);
ret = CalcHashId(cert->serial, (word32)cert->serialSz,
signer->serialHash);
#endif
if (ret == 0 && signer != NULL) {
#ifdef WOLFSSL_SIGNER_DER_CERT
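Review bot: In the first hunk the alternative public key buffer is now allocated from `cert->heap`, while the ProcessPeerCerts caller touched in this same commit initialises its DecodedCert with `ssl->heap` (presumably what ends up in `cert->heap`) and creates and frees the Signer with `SSL_CM(ssl)->heap`. If FreeSigner releases sapkiDer with the heap hint it is given, which is not visible here, allocation and release can use different hints whenever the two heaps differ, and that matters for static-memory builds. A comment at the allocation would make the contract explicit, e.g. `/* sapkiDer comes from cert->heap; the signer must be freed with the same hint */`, or the caller could pass the hint in. FillSigner's body extends beyond both hunks.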


@@ -4017,7 +4017,10 @@ int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inSz, byte* sig,
/* Sig = Salt | Exp Hash */
if (ret == 0) {
if (sigSz != inSz + (word32)saltLen) {
word32 totalSz;
if ((WC_SAFE_SUM_WORD32(inSz, (word32)saltLen, totalSz) == 0) ||
(sigSz != totalSz))
{
ret = PSS_SALTLEN_E;
}
}
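Review bot: The `(word32)saltLen` cast is applied before the overflow-checked sum, so if saltLen can still be negative at this point it becomes a large unsigned value, and rejection then relies on the sum overflowing or failing to match sigSz. Whether saltLen has been validated as non-negative earlier in wc_RsaPSS_CheckPadding_ex2 is not visible in this hunk. If it has, a short comment such as `/* saltLen is >= 0 here */` documents why the cast is safe; if not, add `(saltLen < 0) ||` at the front of the condition.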


@@ -545,9 +545,15 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
iterations, (int)derivedLen, typeH, 1);
if (ret < 0)
break;
if (id != PBE_SHA1_RC4_128) {
ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
i = ret;
ret = wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
saltSz, iterations, 8, typeH, 2);
if (ret < 0)
break;
ret += i;
}
break;
}
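Review bot: The existing local `i` is reused to hold the first wc_PKCS12_PBKDF return code so that `ret += i` can reproduce the old sum, which is hard to read now that each call is checked on its own. If wc_PKCS12_PBKDF returns 0 on success (its contract is not visible here), the sum is always 0 after both `ret < 0` checks and the `i = ret;` and `ret += i;` lines can be dropped; otherwise a dedicated local such as `int keyRet` would say what is being kept. It is also worth confirming that the code after the switch clears `key` when the IV derivation fails, since the key has already been derived by the time that `break` is taken. The case and wc_CryptKey itself continue outside the hunk.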