wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6922 from JacobBarthelmeh/coverity

Browse Source 
clean up some coverity reports
This commit is contained in:
David Garske
2023-10-27 18:40:02 -07:00
committed by GitHub
parent 1dd6888288 c3ed45d331
commit cc45b31470
7 changed files with 55 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/internal.c
View File

@ -13353,6 +13353,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
}
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
filename = NULL;
}
#else
(void) type;
@ -15478,6 +15479,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
else if (idx == 1) /* server cert must be OK */
ret = BAD_CERTIFICATE_STATUS_ERROR;
}
/* only frees 'single' if single->isDynamic is set */
FreeOcspResponse(response);
*inOutIdx += status_length;

35
src/ssl.c
View File

@ -6464,7 +6464,8 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
#ifdef WOLF_PRIVATE_KEY_ID
if ((ret != 0) && (devId != INVALID_DEVID
#ifdef HAVE_PK_CALLBACKS
|| wolfSSL_CTX_IsPrivatePkSet(ctx)
|| ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
#endif
)) {
word32 nSz;
@ -6542,7 +6543,8 @@ static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
#ifdef WOLF_PRIVATE_KEY_ID
if (ret != 0 && (devId != INVALID_DEVID
#ifdef HAVE_PK_CALLBACKS
|| wolfSSL_CTX_IsPrivatePkSet(ctx)
|| ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
#endif
)) {
/* if using crypto or PK callbacks, try public key decode */
@ -6623,7 +6625,8 @@ static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
#ifdef WOLF_PRIVATE_KEY_ID
if (ret != 0 && (devId != INVALID_DEVID
#ifdef HAVE_PK_CALLBACKS
|| wolfSSL_CTX_IsPrivatePkSet(ctx)
|| ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
#endif
)) {
/* if using crypto or PK callbacks, try public key decode */
@ -6709,7 +6712,8 @@ static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
#ifdef WOLF_PRIVATE_KEY_ID
if (ret != 0 && (devId != INVALID_DEVID
#ifdef HAVE_PK_CALLBACKS
|| wolfSSL_CTX_IsPrivatePkSet(ctx)
|| ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
#endif
)) {
/* if using crypto or PK callbacks, try public key decode */
@ -6788,7 +6792,8 @@ static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
#ifdef WOLF_PRIVATE_KEY_ID
if (ret != 0 && (devId != INVALID_DEVID
#ifdef HAVE_PK_CALLBACKS
|| wolfSSL_CTX_IsPrivatePkSet(ctx)
|| ((ssl == NULL) ? wolfSSL_CTX_IsPrivatePkSet(ctx) :
wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
#endif
)) {
/* if using crypto or PK callbacks, try public key decode */
@ -29974,12 +29979,16 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
#endif
) {
if (get) {
*getRet = wolfSSL_CRYPTO_get_ex_data(
if (getRet) {
*getRet = wolfSSL_CRYPTO_get_ex_data(
&cacheSession->ex_data, idx);
}
}
else {
*setRet = wolfSSL_CRYPTO_set_ex_data(
if (setRet) {
*setRet = wolfSSL_CRYPTO_set_ex_data(
&cacheSession->ex_data, idx, data);
}
}
foundCache = 1;
break;
@ -36384,7 +36393,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
#endif
XMEMSET(line, 0, MAX_MIME_LINE_LEN);
while ((lineLen = wolfSSL_BIO_gets(in, line, (int)sizeof(line))) > 0) {
while ((lineLen = wolfSSL_BIO_gets(in, line, MAX_MIME_LINE_LEN)) > 0) {
if (line[lineLen - 1] == '\r' || line[lineLen - 1] == '\n') {
canonLineLen = (word32)lineLen;
@ -36769,7 +36778,7 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
hashType = wc_OidGetHash(p7->hashOID);
hashSz = wc_HashGetDigestSize(hashType);
if (hashSz > WC_MAX_DIGEST_SIZE)
return WOLFSSL_FAILURE;
goto error;
/* only SIGNED_DATA is supported */
switch (p7->contentOID) {
@ -36777,18 +36786,18 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
break;
default:
WOLFSSL_MSG("Unknown PKCS#7 Type");
return WOLFSSL_FAILURE;
goto error;
};
if ((wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, &outputFootSz)) != 0)
return WOLFSSL_FAILURE;
goto error;
outputSz = outputHeadSz + p7->contentSz + outputFootSz;
output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (!output)
return WOLFSSL_FAILURE;
goto error;
XMEMSET(output, 0, outputSz);
outputSz = 0;
@ -37177,6 +37186,8 @@ error:
XFREE(section, NULL, DYNAMIC_TYPE_PKCS7);
if (canonSection != NULL)
XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7);
if (canonLine != NULL)
XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
if (bcont) {
wolfSSL_BIO_free(*bcont);
*bcont = NULL; /* reset 'bcount' pointer to NULL on failure */

15
src/x509.c
View File

@ -1548,15 +1548,19 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
if (sk->next) {
if ((valLen = XSNPRINTF(val, len, "%*s%s,",
indent, "", str->strData))
>= len)
>= len) {
XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return rc;
}
} else {
if ((valLen = XSNPRINTF(val, len, "%*s%s",
indent, "", str->strData))
>= len)
>= len) {
XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return rc;
}
}
if (tmpLen + valLen > tmpSz) {
if ((tmpLen + valLen) >= tmpSz) {
XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return rc;
}
@ -6480,7 +6484,8 @@ static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig,
break;
}
}
if (valLen >= (int)sizeof(tmp) - tmpLen - 1) {
if ((tmpLen < 0) || (valLen < 0) ||
(valLen >= ((int)sizeof(tmp) - tmpLen - 1))) {
ret = WOLFSSL_FAILURE;
break;
}
@ -12823,6 +12828,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
>= tmpSz)
{
WOLFSSL_MSG("buffer overrun");
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE;
}
@ -12833,6 +12839,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
>= tmpSz)
{
WOLFSSL_MSG("buffer overrun");
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE;
}
tmpSz = len + nameStrSz + 1; /* 1 for '=' */

3
wolfcrypt/src/asn.c
View File

@ -33607,6 +33607,9 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
if (input == NULL || inOutIdx == NULL || inSz == 0 ||
privKey == NULL || privKeyLen == NULL) {
#ifdef WOLFSSL_ASN_TEMPLATE
FREE_ASNGETDATA(dataASN, NULL);
#endif
return BAD_FUNC_ARG;
}

6
wolfcrypt/src/hpke.c
View File

@ -785,8 +785,10 @@ static int wc_HpkeEncap(Hpke* hpke, void* ephemeralKey, void* receiverKey,
#ifdef ECC_TIMING_RESISTANT
rng = wc_rng_new(NULL, 0, hpke->heap);
if (rng == NULL)
return RNG_FAILURE_E;
if (rng == NULL) {
ret = RNG_FAILURE_E;
break;
}
wc_ecc_set_rng((ecc_key*)ephemeralKey, rng);
#endif

8
wolfcrypt/src/pkcs7.c
View File

@ -6107,11 +6107,15 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(kari->senderKey, rng);
if (ret != 0)
if (ret != 0) {
XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
return ret;
}
ret = wc_ecc_set_rng(kari->recipKey, rng);
if (ret != 0)
if (ret != 0) {
XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
return ret;
}
#else
(void)rng;
#endif

6
wolfcrypt/src/random.c
View File

@ -1866,9 +1866,13 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
if (ret == DRBG_SUCCESS)
ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
ForceZero(newSeed, sizeof(newSeed));
#ifdef WOLFSSL_SMALL_STACK
if (newSeed != NULL) {
ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ);
}
XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED);
#else
ForceZero(newSeed, sizeof(newSeed));
#endif
}
else {