fixes for static analysis reports

2025-07-29 18:27:29 +02:00 · 2023-03-21 20:03:49 -07:00
parent 7c122cda6d
commit c11f5d0ee5
3 changed files with 20 additions and 13 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -698,7 +698,9 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
                (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
                ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            configList = workingConfig;
-            workingConfig->next = NULL;
+            if (workingConfig != NULL) {
+                workingConfig->next = NULL;
+            }
        }
        else {
            lastConfig = workingConfig;
--- a/src/tls13.c
+++ b/src/tls13.c
@ -3349,12 +3349,14 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
    TLSX* ext;
    word16 cookieSz = 0;

+    if (hash == NULL || hashSz == 0) {
+        return BAD_FUNC_ARG;
+    }
+
    /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
    cookie[cookieSz++] = (byte)hashSz;
-    if (hashSz > 0) {
-        XMEMCPY(cookie + cookieSz, hash, hashSz);
-        cookieSz += hashSz;
-    }
+    XMEMCPY(cookie + cookieSz, hash, hashSz);
+    cookieSz += hashSz;
    cookie[cookieSz++] = cipherSuite0;
    cookie[cookieSz++] = cipherSuite;
    if ((ext = TLSX_Find(*exts, TLSX_KEY_SHARE)) != NULL) {
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@ -1167,13 +1167,13 @@ static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData,
    /* re-allocate new buffer to fit appended data */
    mergedData = (byte*)XMALLOC(oldContentSz + inSz, pkcs12->heap,
            DYNAMIC_TYPE_PKCS);
-
-    if (oldContent != NULL) {
-        XMEMCPY(mergedData, oldContent, oldContentSz);
+    if (mergedData != NULL) {
+        if (oldContent != NULL) {
+            XMEMCPY(mergedData, oldContent, oldContentSz);
+        }
+        XMEMCPY(mergedData + oldContentSz, in, inSz);
+        *mergedSz += inSz;
    }
-    XMEMCPY(mergedData + oldContentSz, in, inSz);
-    *mergedSz += inSz;
-
    XFREE(oldContent, pkcs12->heap, DYNAMIC_TYPE_PKCS);

    return mergedData;
@ -1186,7 +1186,7 @@ static int PKCS12_CheckConstructedZero(byte* data, word32 dataSz, word32* idx)
    word32 oid;
    int    ret = 0;
    int    number, size;
-    byte   tag;
+    byte   tag = 0;

    if (GetSequence(data, idx, &size, dataSz) < 0) {
        ret = ASN_PARSE_E;
@ -1214,7 +1214,7 @@ static int PKCS12_CheckConstructedZero(byte* data, word32 dataSz, word32* idx)
    if (ret == 0 && GetASNTag(data, idx, &tag, dataSz) < 0) {
        ret = ASN_PARSE_E;
    }
-    else if (ret == 0 && tag == 0xa0) {
+    else if (ret == 0 && tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
        ret = 1;
    }

@ -1264,6 +1264,9 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
            }
            mergedData = PKCS12_ConcatonateContent(pkcs12, mergedData,
                    &mergedSz, &data[*idx], encryptedContentSz);
+            if (mergedData == NULL) {
+                ret = MEMORY_E;
+            }
        }
        if (ret != 0) {
            break;