From: Philippe Antoine <p.antoine@catenacyber.fr>
Date: Thu, 9 Feb 2023 14:21:59 +0000 (+0100)
Subject: fuzz: fix coverity warnings
X-Git-Tag: openssl-3.2.0-alpha1~1273
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1dbfd7fe24bcd50117bc57942b2046e483a3c5a5;p=thirdparty%2Fopenssl.git

fuzz: fix coverity warnings

introduced by 2b9e2afc382490592078cdb69d06f54f0fefd4c6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20253)
---

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 69745f902bd..ab190590300 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -865,7 +865,8 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
             if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
                 enc_err = 0;
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-            if (enc_err == 0 && mac_size > 0 && (md[0] ^ thismb->mac[0]) != 0xFF) {
+            if (enc_err == 0 && mac_size > 0 && thismb != NULL &&
+                thismb->mac != NULL && (md[0] ^ thismb->mac[0]) != 0xFF) {
                 enc_err = 1;
             }
 #endif
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 0af0d2fe627..a0a48e405fb 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -63,7 +63,7 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
                     s->s3.previous_client_finished_len);
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     if (ok) {
-        if (data[0] ^ s->s3.previous_client_finished[0] != 0xFF) {
+        if ((data[0] ^ s->s3.previous_client_finished[0]) != 0xFF) {
             ok = 0;
         }
     }
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 1812ca63d16..88f3b94f2e2 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -836,7 +836,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt)
                        md_len);
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     if (ok != 0) {
-        if (PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0] != 0xFF) {
+        if ((PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0]) != 0xFF) {
             ok = 0;
         }
     }