From: Neil Horman Date: Thu, 25 Jul 2024 16:24:04 +0000 (-0400) Subject: fix Coverity 1604662 X-Git-Tag: openssl-3.4.0-alpha1~272 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4811efe12fd1af9554718ae15996470a5c2ecd70;p=thirdparty%2Fopenssl.git fix Coverity 1604662 Coverity flagged an issue in our bio_enc tests in which we failed to check the return code of BIO_read for an error condition which can lead to our length computation going backwards. Just check the error code before adding it to length Fixes openssl/project#779 Reviewed-by: Paul Dale Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/25006) --- diff --git a/test/bio_enc_test.c b/test/bio_enc_test.c index 724de207ac9..fffb8da3a43 100644 --- a/test/bio_enc_test.c +++ b/test/bio_enc_test.c @@ -41,7 +41,7 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, BIO *b, *mem; static unsigned char inp[BUF_SIZE] = { 0 }; unsigned char out[BUF_SIZE], ref[BUF_SIZE]; - int i, lref, len; + int i, lref, len, tmplen; /* Fill buffer with non-zero data so that over steps can be detected */ if (!TEST_int_gt(RAND_bytes(inp, DATA_SIZE), 0)) @@ -77,13 +77,20 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, BIO_push(b, mem); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; - len = BIO_read(b, out, i); + tmplen = BIO_read(b, out, i); + if (tmplen < 0) + goto err; + len = tmplen; /* check for overstep */ if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { TEST_info("Encrypt overstep check failed @ operation %d", i); goto err; } - len += BIO_read(b, out + len, sizeof(out) - len); + tmplen = BIO_read(b, out + len, sizeof(out) - len); + if (tmplen < 0) + goto err; + len += tmplen; + BIO_free_all(b); if (!TEST_mem_eq(out, len, ref, lref)) {
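Review bot: The two new `if (tmplen < 0) goto err;` checks in the second hunk fail the test silently, whereas the overstep check between them reports the failing iteration through `TEST_info`. Routing them through the test macros, for example `if (!TEST_int_ge(tmplen, 0)) { TEST_info("Encrypt read failed @ operation %d", i); goto err; }`, would log the returned value and the operation index when a read fails. The "Encrypt overstep" message suggests a decrypt counterpart elsewhere in `do_bio_cipher`, which starts and ends outside this hunk. If that path still does `len += BIO_read(...)` unchecked, it needs the same guard, because a negative return would move `out + len` before the buffer and enlarge `sizeof(out) - len`.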