From: Pauli <pauli@openssl.org>
Date: Fri, 1 Apr 2022 01:27:15 +0000 (+1100)
Subject: Fix Coverity 1503322, 1503324, 1503328 memory accesses
X-Git-Tag: openssl-3.2.0-alpha1~2693
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a381897470f5c6ac2f4e71f48d33d71cde7873dd;p=thirdparty%2Fopenssl.git

Fix Coverity 1503322, 1503324, 1503328 memory accesses

These are all false positives result from Coverity not understanding our
up_ref and free pairing.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)
---

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 8eb13ad5dda..4d5f8adbcad 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -332,7 +332,11 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
 
     /* No more legacy from here down to legacy: */
 
+    /* A Coverity false positive with up_ref/down_ref and free */
+    /* coverity[use_after_free] */
     ctx->op.kex.exchange = exchange;
+    /* A Coverity false positive with up_ref/down_ref and free */
+    /* coverity[deref_arg] */
     ctx->op.kex.algctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
     if (ctx->op.kex.algctx == NULL) {
         /* The provider key can stay in the cache */
@@ -420,6 +424,8 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
                                     EVP_KEYMGMT_get0_name(ctx->keymgmt),
                                     ctx->propquery);
     if (tmp_keymgmt != NULL)
+        /* A Coverity issue with up_ref/down_ref and free */
+        /* coverity[pass_freed_arg] */
         provkey = evp_pkey_export_to_provider(peer, ctx->libctx,
                                               &tmp_keymgmt, ctx->propquery);
     EVP_KEYMGMT_free(tmp_keymgmt_tofree);