diff options
| author | Robert Relyea <rrelyea@redhat.com> | 2021-07-13 10:25:24 -0700 |
|---|---|---|
| committer | Robert Relyea <rrelyea@redhat.com> | 2021-07-13 10:25:24 -0700 |
| commit | 892595b076b0447764c1d828c484e046aba452e4 (patch) | |
| tree | 6a025c17a480341eefa5c887b5c662e4494aec8e /lib/softoken | |
| parent | 1c126b14820154bb8b262263f8c3e05507b6d19f (diff) | |
| download | nss-hg-892595b076b0447764c1d828c484e046aba452e4.tar.gz | |
Bug 1720225 Coverity/cpp scanner errors found in nss 3.67
A number of coverity/scanner issues were found in the kdf code which was added in nss 3.44 and the fixes never upstreamed, as well as coverity/scanner errors in nss 3.66. Not all errors were fixed, those errors which were determined to be false positives were just recorded. No attempt has been made to fix coverity/scanner errors in gtests.
Differential Revision: https://phabricator.services.mozilla.com/D119829
Diffstat (limited to 'lib/softoken')
| -rw-r--r-- | lib/softoken/kbkdf.c | 8 | ||||
| -rw-r--r-- | lib/softoken/sftkhmac.c | 4 | ||||
| -rw-r--r-- | lib/softoken/sftkike.c | 1 |
3 files changed, 10 insertions, 3 deletions
diff --git a/lib/softoken/kbkdf.c b/lib/softoken/kbkdf.c index b4544c432..57cce7017 100644 --- a/lib/softoken/kbkdf.c +++ b/lib/softoken/kbkdf.c @@ -613,6 +613,10 @@ kbkdf_CreateKey(CK_MECHANISM_TYPE kdf_mech, CK_SESSION_HANDLE hSession, CK_DERIV PR_ASSERT(derived_key != NULL); PR_ASSERT(derived_key->phKey != NULL); + if (slot == NULL) { + return CKR_SESSION_HANDLE_INVALID; + } + /* Create the new key object for this additional derived key. */ key = sftk_NewObject(slot); if (key == NULL) { @@ -678,7 +682,9 @@ done: sftk_FreeObject(key); /* Doesn't do anything. */ - sftk_FreeSession(session); + if (session) { + sftk_FreeSession(session); + } return ret; } diff --git a/lib/softoken/sftkhmac.c b/lib/softoken/sftkhmac.c index 1b38b06f9..bec2df79f 100644 --- a/lib/softoken/sftkhmac.c +++ b/lib/softoken/sftkhmac.c @@ -234,7 +234,9 @@ sftk_MAC_Init(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, SFTKObject *key) keyval->attrib.ulValueLen, isFIPS); done: - sftk_FreeAttribute(keyval); + if (keyval) { + sftk_FreeAttribute(keyval); + } return ret; } diff --git a/lib/softoken/sftkike.c b/lib/softoken/sftkike.c index 2183add69..6756040b6 100644 --- a/lib/softoken/sftkike.c +++ b/lib/softoken/sftkike.c @@ -1411,7 +1411,6 @@ sftk_fips_IKE_PowerUpSelfTests(void) (outKeySize != sizeof(ike_known_sha256_prf_plus)) || (PORT_Memcmp(outKeyData, ike_known_sha256_prf_plus, sizeof(ike_known_sha256_prf_plus)) != 0)) { - PORT_ZFree(outKeyData, outKeySize); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } |