Merge pull request #8093 from philljj/fix_coverity

Fix coverity
2025-07-31 19:24:42 +02:00 · 2024-10-21 16:45:51 -06:00
parent 104c805b82 5690af82dc
commit b535d9f752
3 changed files with 42 additions and 14 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -13587,21 +13587,28 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx,

    #ifdef WOLFSSL_SMALL_STACK
        status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_STATUS);
+                                      DYNAMIC_TYPE_OCSP_STATUS);
        single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_ENTRY);
+                                     DYNAMIC_TYPE_OCSP_ENTRY);
        response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_REQUEST);
+                                          DYNAMIC_TYPE_OCSP_REQUEST);

        if (status == NULL || single == NULL || response == NULL) {
-            XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-            XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-            XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            if (status != NULL) {
+                XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+            }
+            if (single != NULL) {
+                XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+            }
+            if (response != NULL) {
+                XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            }

            return MEMORY_ERROR;
        }
    #endif

+    /* InitOcspResponse sets single and status to response struct. */
    InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap);

    if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0)
@@ -13622,12 +13629,14 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx,

    *inOutIdx += status_length;

+    /* FreeOcspResponse frees status and single only if
+     * single->isDynamic is set. */
    FreeOcspResponse(response);

    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-        XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+    XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+    XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
    #endif

    WOLFSSL_LEAVE("ProcessCSR", ret);
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -12429,8 +12429,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x,

    ALLOC_SP_INT(d, m->used + 1, err, NULL);
    if (err == MP_OKAY) {
-        sp_init_size(d, m->used + 1);
+        err = sp_init_size(d, m->used + 1);
+    }

+    if (err == MP_OKAY) {
        /* 1. x = m, y = a, b = 1, c = 0 */
        if (a != y) {
            _sp_copy(a, y);
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -33731,6 +33731,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
    word32 plaintextLen;
    word32 encryptLen = MAX_ECIES_TEST_SZ;
    word32 decryptLen = MAX_ECIES_TEST_SZ;
+    int    aInit = 0;
+    int    bInit = 0;

 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
    plaintext = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -33742,12 +33744,22 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
    wc_ecc_free(b);

    ret = wc_ecc_init(a);
-    if (ret != 0)
+    if (ret != 0) {
        ret = WC_TEST_RET_ENC_EC(ret);
+    }
+    else {
+        aInit = 1;
+    }
+
+
    if (ret == 0) {
        ret = wc_ecc_init(b);
-        if (ret != 0)
+        if (ret != 0) {
            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+        else {
+            bInit = 1;
+        }
    }

    if (ret == 0)
@@ -33809,8 +33821,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
    if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
        ret = WC_TEST_RET_ENC_NC;

-    wc_ecc_free(a);
-    wc_ecc_free(b);
+    if (aInit) {
+        wc_ecc_free(a);
+    }
+
+    if (bInit) {
+        wc_ecc_free(b);
+    }

    wc_ecc_ctx_free(aCtx);
    wc_ecc_ctx_free(bCtx);