Skip to content

Commit

Permalink
Merge pull request #7718 from douzzer/20240705-coverity-fixes
Browse files Browse the repository at this point in the history
20240705-coverity-fixes
  • Loading branch information
JacobBarthelmeh authored Jul 7, 2024
2 parents d8757a5 + e35e713 commit 595e71d
Show file tree
Hide file tree
Showing 6 changed files with 61 additions and 29 deletions.
63 changes: 42 additions & 21 deletions src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -14955,44 +14955,65 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (ret == 0 && addToPendingCAs && !alreadySigner) {
DecodedCert dCertAdd;
DerBuffer *derBuffer;
#ifdef WOLFSSL_SMALL_STACK
DecodedCert *dCertAdd = NULL;
#else
DecodedCert dCertAdd[1];
#endif
int dCertAdd_inited = 0;
DerBuffer *derBuffer = NULL;
buffer* cert = &args->certs[args->certIdx];
Signer *s;
InitDecodedCert(&dCertAdd, cert->buffer, cert->length, ssl->heap);
ret = ParseCert(&dCertAdd, CA_TYPE, NO_VERIFY, SSL_CM(ssl));
Signer *s = NULL;

#ifdef WOLFSSL_SMALL_STACK
dCertAdd = (DecodedCert *)
XMALLOC(sizeof(*dCertAdd), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (dCertAdd == NULL) {
ret = MEMORY_E;
goto exit_req_v2;
}
#endif
InitDecodedCert(dCertAdd, cert->buffer, cert->length,
ssl->heap);
dCertAdd_inited = 1;
ret = ParseCert(dCertAdd, CA_TYPE, NO_VERIFY,
SSL_CM(ssl));
if (ret != 0) {
FreeDecodedCert(&dCertAdd);
goto exit_ppc;
goto exit_req_v2;
}
ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap);
if (ret != 0 || derBuffer == NULL) {
FreeDecodedCert(&dCertAdd);
goto exit_ppc;
goto exit_req_v2;
}
XMEMCPY(derBuffer->buffer, cert->buffer, cert->length);
s = MakeSigner(SSL_CM(ssl)->heap);
if (s == NULL) {
FreeDecodedCert(&dCertAdd);
FreeDer(&derBuffer);
ret = MEMORY_E;
goto exit_ppc;
goto exit_req_v2;
}
ret = FillSigner(s, &dCertAdd, CA_TYPE, derBuffer);
FreeDecodedCert(&dCertAdd);
FreeDer(&derBuffer);
ret = FillSigner(s, dCertAdd, CA_TYPE, derBuffer);
if (ret != 0) {
FreeSigner(s, SSL_CM(ssl)->heap);
goto exit_ppc;
goto exit_req_v2;
}
skipAddCA = 1;
ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s);
if (ret != 0) {
FreeSigner(s, ssl->heap);

exit_req_v2:
if (s && (ret != 0))
FreeSigner(s, SSL_CM(ssl)->heap);
if (derBuffer)
FreeDer(&derBuffer);
if (dCertAdd_inited)
FreeDecodedCert(dCertAdd);
#ifdef WOLFSSL_SMALL_STACK
if (dCertAdd)
XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ret != 0)
goto exit_ppc;
}
}
#endif
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */

/* If valid CA then add to Certificate Manager */
if (ret == 0 && args->dCert->isCA &&
Expand Down
5 changes: 5 additions & 0 deletions src/wolfio.c
Original file line number Diff line number Diff line change
Expand Up @@ -1612,6 +1612,11 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,

/* read data if no \r\n or first time */
if ((start == NULL) || (end == NULL)) {
if (httpBufSz < len + 1) {
return BUFFER_ERROR; /* can't happen, but Coverity thinks it
* can.
*/
}
result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
if (result > 0) {
len += result;
Expand Down
4 changes: 0 additions & 4 deletions wolfcrypt/src/aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -12910,10 +12910,6 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz,
return BAD_FUNC_ARG;
}

if (iSz < AES_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}

XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE);
stream->bytes_crypted_with_this_tweak = 0;

Expand Down
5 changes: 3 additions & 2 deletions wolfcrypt/src/asn.c
Original file line number Diff line number Diff line change
Expand Up @@ -24067,7 +24067,7 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der)
if (ret == 0 && signer != NULL) {
if (cert->extSapkiSet && cert->sapkiLen > 0) {
/* Allocated space for alternative public key. */
signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cm->heap,
signer->sapkiDer = (byte*)XMALLOC(cert->sapkiLen, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (signer->sapkiDer == NULL) {
ret = MEMORY_E;
Expand All @@ -24083,7 +24083,8 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der)

#if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL)
if (ret == 0 && signer != NULL)
ret = CalcHashId(cert->serial, cert->serialSz, signer->serialHash);
ret = CalcHashId(cert->serial, (word32)cert->serialSz,
signer->serialHash);
#endif
if (ret == 0 && signer != NULL) {
#ifdef WOLFSSL_SIGNER_DER_CERT
Expand Down
5 changes: 4 additions & 1 deletion wolfcrypt/src/rsa.c
Original file line number Diff line number Diff line change
Expand Up @@ -4017,7 +4017,10 @@ int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inSz, byte* sig,

/* Sig = Salt | Exp Hash */
if (ret == 0) {
if (sigSz != inSz + (word32)saltLen) {
word32 totalSz;
if ((WC_SAFE_SUM_WORD32(inSz, (word32)saltLen, totalSz) == 0) ||
(sigSz != totalSz))
{
ret = PSS_SALTLEN_E;
}
}
Expand Down
8 changes: 7 additions & 1 deletion wolfcrypt/src/wc_encrypt.c
Original file line number Diff line number Diff line change
Expand Up @@ -545,9 +545,15 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,

ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
iterations, (int)derivedLen, typeH, 1);
if (ret < 0)
break;
if (id != PBE_SHA1_RC4_128) {
ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
i = ret;
ret = wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
saltSz, iterations, 8, typeH, 2);
if (ret < 0)
break;
ret += i;
}
break;
}
Expand Down

0 comments on commit 595e71d

Please sign in to comment.