diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-15 13:58:05 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-15 13:58:05 +0200 |
| commit | 86ff57e8f9f5f33d820b64b5cfdc60cb830b6d94 (patch) | |
| tree | 855039c1ffdca5afd75af0021b592869517d7a34 | |
| parent | 83b64980f5ec9c3110cf0cd44d8815271ece7996 (diff) | |
| download | gnutls-86ff57e8f9f5f33d820b64b5cfdc60cb830b6d94.tar.gz | |
several bug fixes due to coverity.
| -rw-r--r-- | lib/auth/cert.c | 9 | ||||
| -rw-r--r-- | lib/ext/heartbeat.c | 2 | ||||
| -rw-r--r-- | lib/gnutls_db.c | 3 | ||||
| -rw-r--r-- | lib/gnutls_extensions.c | 5 | ||||
| -rw-r--r-- | lib/gnutls_handshake.c | 2 | ||||
| -rw-r--r-- | lib/gnutls_pk.c | 7 | ||||
| -rw-r--r-- | lib/gnutls_priority.c | 14 | ||||
| -rw-r--r-- | lib/gnutls_range.c | 4 | ||||
| -rw-r--r-- | lib/gnutls_record.c | 2 | ||||
| -rw-r--r-- | lib/gnutls_session_pack.c | 11 | ||||
| -rw-r--r-- | lib/gnutls_x509.c | 2 | ||||
| -rw-r--r-- | lib/nettle/egd.c | 3 | ||||
| -rw-r--r-- | lib/openpgp/pgp.c | 10 | ||||
| -rw-r--r-- | lib/openpgp/privkey.c | 10 | ||||
| -rw-r--r-- | lib/pkcs11.c | 5 | ||||
| -rw-r--r-- | lib/tpm.c | 2 | ||||
| -rw-r--r-- | lib/verify-tofu.c | 2 |
17 files changed, 50 insertions, 43 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 7ccba6e108..c0f3ccf59d 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -599,8 +599,7 @@ call_get_cert_callback(gnutls_session_t session, } _gnutls_selected_certs_set(session, local_certs, - (local_certs != NULL) ? st2.ncerts : 0, - local_key, 1); + st2.ncerts, local_key, 1); ret = 0; @@ -1338,8 +1337,10 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session, cleanup: _gnutls_free_datum(&akey); - gnutls_pcert_deinit(&peer_certificate_list[0]); - gnutls_free(peer_certificate_list); + if (peer_certificate_list != NULL) { + gnutls_pcert_deinit(&peer_certificate_list[0]); + gnutls_free(peer_certificate_list); + } return ret; } diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c index 27707a215a..1b59d39b34 100644 --- a/lib/ext/heartbeat.c +++ b/lib/ext/heartbeat.c @@ -200,6 +200,8 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size, gettime(&session->internals.hb_ping_start); session->internals.hb_local_data.length = data_size; session->internals.hb_state = SHB_SEND2; + + /* fallthrough */ case SHB_SEND2: session->internals.hb_actual_retrans_timeout_ms = session->internals.hb_retrans_timeout_ms; diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index 560683bfac..0aba1db5bd 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -234,8 +234,7 @@ int _gnutls_server_register_current_session(gnutls_session_t session) return GNUTLS_E_INVALID_SESSION; } - if (session->security_parameters.session_id == NULL - || session->security_parameters.session_id_size == 0) { + if (session->security_parameters.session_id_size == 0) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 013df19a8a..36ac43e8ee 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -242,7 +242,10 @@ _gnutls_gen_extensions(gnutls_session_t session, size_t i, init_size = extdata->length; pos = extdata->length; /* we will store length later on */ - _gnutls_buffer_append_prefix(extdata, 16, 0); + + ret = _gnutls_buffer_append_prefix(extdata, 16, 0); + if (ret < 0) + return gnutls_assert_val(ret); for (i = 0; i < extfunc_size; i++) { extension_entry_st *p = &extfunc[i]; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index bf050ae24d..c94e589964 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2911,6 +2911,7 @@ static int _gnutls_send_handshake_final(gnutls_session_t session, int init) return ret; } + /* fallthrough */ case STATE2: /* send the finished message */ ret = _gnutls_send_finished(session, FAGAIN(STATE2)); @@ -3002,6 +3003,7 @@ static int _gnutls_recv_handshake_final(gnutls_session_t session, int init) return ret; } + /* fallthrough */ case STATE31: FINAL_STATE = STATE31; diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 236e4f7d42..6601d3e2b3 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -293,7 +293,12 @@ encode_ber_digest_info(const mac_entry_st * e, } tmp_output_size = 0; - asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL); + result = asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL); + if (result != ASN1_MEM_ERROR) { + gnutls_assert(); + asn1_delete_structure(&dinfo); + return _gnutls_asn2err(result); + } tmp_output = gnutls_malloc(tmp_output_size); if (tmp_output == NULL) { diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index bfda106c2a..877ee906a4 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -193,13 +193,13 @@ gnutls_compression_set_priority(gnutls_session_t session, const int *list) **/ int gnutls_protocol_set_priority(gnutls_session_t session, const int *list) { - _set_priority(&session->internals.priorities.protocol, list); - - /* set the current version to the first in the chain. - * This will be overridden later. - */ - if (list) + if (list) { + _set_priority(&session->internals.priorities.protocol, list); + /* set the current version to the first in the chain. + * This will be overridden later. + */ _gnutls_set_current_version(session, list[0]); + } return 0; } @@ -647,7 +647,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority) #define SET_PROFILE(to_set) \ profile = GNUTLS_VFLAGS_TO_PROFILE(priority_cache->additional_verify_flags); \ if (profile == 0 || profile > to_set) { \ - priority_cache->additional_verify_flags &= !GNUTLS_VFLAGS_PROFILE_MASK; \ + priority_cache->additional_verify_flags &= ~GNUTLS_VFLAGS_PROFILE_MASK; \ priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(to_set); \ } diff --git a/lib/gnutls_range.c b/lib/gnutls_range.c index 3209055b22..0e29a8994c 100644 --- a/lib/gnutls_range.c +++ b/lib/gnutls_range.c @@ -240,10 +240,6 @@ gnutls_record_send_range(gnutls_session_t session, const void *data, if (ret == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (ret == 0 && range->low != range->high) - /* Cannot use LH, but a range was given */ - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - _gnutls_set_range(&cur_range, range->low, range->high); _gnutls_record_log diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 52f47e1c83..8c80a22c1e 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -304,7 +304,7 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how) gnutls_assert(); return ret; } - + /* fallthrough */ case STATE61: ret = gnutls_alert_send(session, GNUTLS_AL_WARNING, diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 6195856017..03aecc3b1b 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -598,15 +598,8 @@ pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) if (info == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - if (info->username) - username_len = strlen(info->username) + 1; /* include the terminating null */ - else - username_len = 0; - - if (info->hint) - hint_len = strlen(info->hint) + 1; /* include the terminating null */ - else - hint_len = 0; + username_len = strlen(info->username) + 1; /* include the terminating null */ + hint_len = strlen(info->hint) + 1; /* include the terminating null */ size_offset = ps->length; BUFFER_APPEND_NUM(ps, 0); diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 8ae313569d..e45a91e35a 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -1517,7 +1517,7 @@ gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res, return ret; cleanup: - for (j = 0; j < i; i++) + for (j = 0; j < i; j++) gnutls_x509_crt_deinit(new_list[j]); return ret; diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c index 67d69a7879..051ee2b5d5 100644 --- a/lib/nettle/egd.c +++ b/lib/nettle/egd.c @@ -199,6 +199,9 @@ int _rndegd_read(int *fd, void *_output, size_t _length) if (*fd == -1 || do_restart) *fd = _rndegd_connect_socket(); + if (*fd == -1) + return -1; + do_restart = 0; nbytes = length < 255 ? length : 255; diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index c3a53b4b96..d5ef2722be 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -1591,16 +1591,16 @@ int gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t key, gnutls_openpgp_keyid_t keyid) { - if (!key->preferred_set) - return - gnutls_assert_val - (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); - if (!key || !keyid) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } + if (!key->preferred_set) + return + gnutls_assert_val + (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); + memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE); return 0; diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index 44a9b3226c..6aa6fb5436 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -1219,16 +1219,16 @@ int gnutls_openpgp_privkey_get_preferred_key_id(gnutls_openpgp_privkey_t key, gnutls_openpgp_keyid_t keyid) { - if (!key->preferred_set) - return - gnutls_assert_val - (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); - if (!key || !keyid) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } + if (!key->preferred_set) + return + gnutls_assert_val + (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); + memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE); return 0; diff --git a/lib/pkcs11.c b/lib/pkcs11.c index d7d3ba2e67..70d4e7a0e8 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -2506,8 +2506,11 @@ find_objs(struct pkcs11_session_info *sinfo, a[0].value = &class; a[0].value_len = sizeof class; - pkcs11_get_attribute_value(sinfo->module, + rv = pkcs11_get_attribute_value(sinfo->module, sinfo->pks, obj, a, 1); + if (rv != CKR_OK) { + class = -1; + } } if (find_data->flags == @@ -808,7 +808,7 @@ static int decode_tpmkey_url(const char *url, struct tpmkey_url_st *s) return gnutls_assert_val(GNUTLS_E_PARSING_ERROR); } - if ((p = strstr(url, "storage=user")) != NULL) + if (strstr(url, "storage=user") != NULL) s->storage = TSS_PS_TYPE_USER; else s->storage = TSS_PS_TYPE_SYSTEM; diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c index bdb88c238d..92894ea888 100644 --- a/lib/verify-tofu.c +++ b/lib/verify-tofu.c @@ -375,7 +375,7 @@ static int raw_pubkey_to_base64(const gnutls_datum_t * raw, char *out; ret = base64_encode_alloc((void *) raw->data, raw->size, &out); - if (ret == 0) + if (ret == 0 || out == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); b64->data = (void *) out; |