several bug fixes due to coverity.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 15 Apr 2014 11:58:05 +0000 (13:58 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 15 Apr 2014 11:58:05 +0000 (13:58 +0200)
17 files changed:
lib/auth/cert.c
lib/ext/heartbeat.c
lib/gnutls_db.c
lib/gnutls_extensions.c
lib/gnutls_handshake.c
lib/gnutls_pk.c
lib/gnutls_priority.c
lib/gnutls_range.c
lib/gnutls_record.c
lib/gnutls_session_pack.c
lib/gnutls_x509.c
lib/nettle/egd.c
lib/openpgp/pgp.c
lib/openpgp/privkey.c
lib/pkcs11.c
lib/tpm.c
lib/verify-tofu.c

index 7ccba6e10864ecfdf2c1919bc71ae2871c0b126c..c0f3ccf59d184d233d5171fd4136e4e43fd1442e 100644 (file)
@@ -599,8 +599,7 @@ call_get_cert_callback(gnutls_session_t session,
        }
 
        _gnutls_selected_certs_set(session, local_certs,
-                                  (local_certs != NULL) ? st2.ncerts : 0,
-                                  local_key, 1);
+                                  st2.ncerts, local_key, 1);
 
        ret = 0;
 
@@ -1338,8 +1337,10 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session,
  cleanup:
 
        _gnutls_free_datum(&akey);
-       gnutls_pcert_deinit(&peer_certificate_list[0]);
-       gnutls_free(peer_certificate_list);
+       if (peer_certificate_list != NULL) {
+               gnutls_pcert_deinit(&peer_certificate_list[0]);
+               gnutls_free(peer_certificate_list);
+       }
        return ret;
 
 }
index 27707a215a11f3dcd7983a06bd11baa2bed563f3..1b59d39b34b47d85ec77ce7957c560b970a84380 100644 (file)
@@ -200,6 +200,8 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
                gettime(&session->internals.hb_ping_start);
                session->internals.hb_local_data.length = data_size;
                session->internals.hb_state = SHB_SEND2;
+
+               /* fallthrough */
        case SHB_SEND2:
                session->internals.hb_actual_retrans_timeout_ms =
                    session->internals.hb_retrans_timeout_ms;
index 560683bfac967fb1007f37a4f99b63bd51ba3870..0aba1db5bdca1552c051d01d38624167e4069fb8 100644 (file)
@@ -234,8 +234,7 @@ int _gnutls_server_register_current_session(gnutls_session_t session)
                return GNUTLS_E_INVALID_SESSION;
        }
 
-       if (session->security_parameters.session_id == NULL
-           || session->security_parameters.session_id_size == 0) {
+       if (session->security_parameters.session_id_size == 0) {
                gnutls_assert();
                return GNUTLS_E_INVALID_SESSION;
        }
index 013df19a8a3741aa3c3bcc4f984d3efbc90463aa..36ac43e8ee60e2173943796b31ed77db5a65740a 100644 (file)
@@ -242,7 +242,10 @@ _gnutls_gen_extensions(gnutls_session_t session,
        size_t i, init_size = extdata->length;
 
        pos = extdata->length;  /* we will store length later on */
-       _gnutls_buffer_append_prefix(extdata, 16, 0);
+
+       ret = _gnutls_buffer_append_prefix(extdata, 16, 0);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
 
        for (i = 0; i < extfunc_size; i++) {
                extension_entry_st *p = &extfunc[i];
index bf050ae24d0a78b4fb0d52cc7887bffd46c8373f..c94e5899647a03b1ec3fa59f447aab4a9dd4e217 100644 (file)
@@ -2911,6 +2911,7 @@ static int _gnutls_send_handshake_final(gnutls_session_t session, int init)
                        return ret;
                }
 
+               /* fallthrough */
        case STATE2:
                /* send the finished message */
                ret = _gnutls_send_finished(session, FAGAIN(STATE2));
@@ -3002,6 +3003,7 @@ static int _gnutls_recv_handshake_final(gnutls_session_t session, int init)
                        return ret;
                }
 
+               /* fallthrough */
        case STATE31:
                FINAL_STATE = STATE31;
 
index 236e4f7d42288e82dcee5472e128f8e7d51ce540..6601d3e2b341c3c7a1b70052ea1425602f3833e5 100644 (file)
@@ -293,7 +293,12 @@ encode_ber_digest_info(const mac_entry_st * e,
        }
 
        tmp_output_size = 0;
-       asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL);
+       result = asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL);
+       if (result != ASN1_MEM_ERROR) {
+               gnutls_assert();
+               asn1_delete_structure(&dinfo);
+               return _gnutls_asn2err(result);
+       }
 
        tmp_output = gnutls_malloc(tmp_output_size);
        if (tmp_output == NULL) {
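Review bot: The new check after the size-probing `asn1_der_coding()` call returns `_gnutls_asn2err(result)` for every result other than `ASN1_MEM_ERROR`, and that includes `ASN1_SUCCESS`. The definition of `_gnutls_asn2err()` is not in this hunk; if it maps success to 0, the function would report success without having written a DigestInfo, and the signing or verification code that called it would continue with an unset output. Handling that case explicitly closes the gap, e.g. `return (result == ASN1_SUCCESS) ? GNUTLS_E_INTERNAL_ERROR : _gnutls_asn2err(result);`. The body of encode_ber_digest_info continues outside the hunk.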
index bfda106c2ac6b0387dfc59be8f19ce55b7bfd064..877ee906a4f22e0e38af2fa929100a517de29ebd 100644 (file)
@@ -193,13 +193,13 @@ gnutls_compression_set_priority(gnutls_session_t session, const int *list)
  **/
 int gnutls_protocol_set_priority(gnutls_session_t session, const int *list)
 {
-       _set_priority(&session->internals.priorities.protocol, list);
-
-       /* set the current version to the first in the chain.
-        * This will be overridden later.
-        */
-       if (list)
+       if (list) {
+               _set_priority(&session->internals.priorities.protocol, list);
+               /* set the current version to the first in the chain.
+                * This will be overridden later.
+                */
                _gnutls_set_current_version(session, list[0]);
+       }
 
        return 0;
 }
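Review bot: With the whole body now under `if (list)`, a NULL `list` returns 0 without touching the protocol priorities, so the caller cannot tell "priorities set" from "nothing done" and the session keeps whatever protocol set it had before. The doc comment above the function (it starts outside this hunk) should state this, e.g. `If @list is NULL the protocol priorities are left unchanged and zero is returned.` If changing the result for this public function is acceptable, returning `GNUTLS_E_INVALID_REQUEST` for a NULL list would make the misuse visible instead.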
@@ -647,7 +647,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
 #define SET_PROFILE(to_set) \
        profile = GNUTLS_VFLAGS_TO_PROFILE(priority_cache->additional_verify_flags); \
        if (profile == 0 || profile > to_set) { \
-               priority_cache->additional_verify_flags &= !GNUTLS_VFLAGS_PROFILE_MASK; \
+               priority_cache->additional_verify_flags &= ~GNUTLS_VFLAGS_PROFILE_MASK; \
                priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(to_set); \
        }
 
index 3209055b2207d946150fb0fcf9da1a53e30db91e..0e29a8994c0e9ab1a2e75e0a7c3318c8930fc33b 100644 (file)
@@ -240,10 +240,6 @@ gnutls_record_send_range(gnutls_session_t session, const void *data,
        if (ret == 0)
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
-       if (ret == 0 && range->low != range->high)
-               /* Cannot use LH, but a range was given */
-               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
        _gnutls_set_range(&cur_range, range->low, range->high);
 
        _gnutls_record_log
index 52f47e1c8322bf45510734d0b4cf79779abd3482..8c80a22c1e13bbf3da83e128dcb1baf5d792d6b3 100644 (file)
@@ -304,7 +304,7 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
                        gnutls_assert();
                        return ret;
                }
-
+               /* fallthrough */
        case STATE61:
                ret =
                    gnutls_alert_send(session, GNUTLS_AL_WARNING,
index 6195856017a826ce7a569ef1f957a71994fd8194..03aecc3b1b218f895bce16e2201dcbe785c7bd96 100644 (file)
@@ -598,15 +598,8 @@ pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
        if (info == NULL)
                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
-       if (info->username)
-               username_len = strlen(info->username) + 1;      /* include the terminating null */
-       else
-               username_len = 0;
-
-       if (info->hint)
-               hint_len = strlen(info->hint) + 1;      /* include the terminating null */
-       else
-               hint_len = 0;
+       username_len = strlen(info->username) + 1;      /* include the terminating null */
+       hint_len = strlen(info->hint) + 1;      /* include the terminating null */
 
        size_offset = ps->length;
        BUFFER_APPEND_NUM(ps, 0);
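Review bot: The two `strlen()` calls now run unconditionally, so their safety rests on `info->username` and `info->hint` being fixed-size arrays inside the auth-info struct that are always NUL-terminated; that declaration is not in this hunk. If they are arrays, the removed NULL tests were dead code and the change is correct, but these fields presumably carry data supplied by the peer, so an unterminated buffer would become an over-read while packing the session. A comment recording the invariant would help, e.g. `/* username and hint are fixed-size arrays, always NUL-terminated by the code that fills them */`. If either field is a pointer, the NULL checks need to stay. The body of pack_psk_auth_info continues outside the hunk.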
index 8ae313569de3c6c61512c32c862634a219845760..e45a91e35a219e2b06a2da3c92de75821a5c1bed 100644 (file)
@@ -1517,7 +1517,7 @@ gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
        return ret;
 
       cleanup:
-       for (j = 0; j < i; i++)
+       for (j = 0; j < i; j++)
                gnutls_x509_crt_deinit(new_list[j]);
 
        return ret;
index 67d69a7879ef6e4aa39744dd8b0f2be48df06ff9..051ee2b5d57f5ab91646d406b49dc02de076b162 100644 (file)
@@ -199,6 +199,9 @@ int _rndegd_read(int *fd, void *_output, size_t _length)
        if (*fd == -1 || do_restart)
                *fd = _rndegd_connect_socket();
 
+       if (*fd == -1)
+               return -1;
+
        do_restart = 0;
 
        nbytes = length < 255 ? length : 255;
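Review bot: The new early `return -1` leaves `_output` untouched, and nothing at this point says so; a caller that ignores the return value would treat an unfilled buffer as random data. A short comment at the check would record the contract, e.g. `/* no EGD socket available: fail without writing to _output */`. The callers are outside this hunk, so whether every one of them checks for a negative return cannot be confirmed from here. The body of _rndegd_read continues outside the hunk.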
index c3a53b4b9626d36d5d34722d0727d56e673cf8a3..d5ef2722bebbec2818dd9c4a89a87e617d0d37c4 100644 (file)
@@ -1591,16 +1591,16 @@ int
 gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t key,
                                        gnutls_openpgp_keyid_t keyid)
 {
-       if (!key->preferred_set)
-               return
-                   gnutls_assert_val
-                   (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
-
        if (!key || !keyid) {
                gnutls_assert();
                return GNUTLS_E_INVALID_REQUEST;
        }
 
+       if (!key->preferred_set)
+               return
+                   gnutls_assert_val
+                   (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
        memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
 
        return 0;
index 44a9b3226c3683871595e8807d0f83d74b36e400..6aa6fb54364882e8ff5588596af39c130f9bc96f 100644 (file)
@@ -1219,16 +1219,16 @@ int
 gnutls_openpgp_privkey_get_preferred_key_id(gnutls_openpgp_privkey_t key,
                                            gnutls_openpgp_keyid_t keyid)
 {
-       if (!key->preferred_set)
-               return
-                   gnutls_assert_val
-                   (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
-
        if (!key || !keyid) {
                gnutls_assert();
                return GNUTLS_E_INVALID_REQUEST;
        }
 
+       if (!key->preferred_set)
+               return
+                   gnutls_assert_val
+                   (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
        memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
 
        return 0;
index d7d3ba2e674613cc708c4ac897eda74bfc154bea..70d4e7a0e8643e2aecba490841651fb316f7cb91 100644 (file)
@@ -2506,8 +2506,11 @@ find_objs(struct pkcs11_session_info *sinfo,
                        a[0].value = &class;
                        a[0].value_len = sizeof class;
 
-                       pkcs11_get_attribute_value(sinfo->module,
+                       rv = pkcs11_get_attribute_value(sinfo->module,
                                                   sinfo->pks, obj, a, 1);
+                       if (rv != CKR_OK) {
+                               class = -1;
+                       }
                }
 
                if (find_data->flags ==
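Review bot: When `pkcs11_get_attribute_value()` fails, the new code stores `-1` in `class` and carries on, so the error is turned into a sentinel value instead of being reported or the object skipped. The declaration of `class` and the comparisons that use it are outside this hunk; if `class` has an unsigned PKCS #11 type, the assignment relies on implicit conversion and on no later filter ever matching that value. A comment would make the intent explicit, e.g. `/* attribute read failed: use an impossible class so no filter below matches */`, and skipping the object with `continue` would be clearer if the loop structure allows it. The continuation line of the call is also no longer aligned with its first argument after the `rv =` prefix was added.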
index 86b0047a9b18080efb17bb01e675b8e7c88f4d44..7ddfdfb29530d30bfae5e39676a9db41a4b358bd 100644 (file)
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -808,7 +808,7 @@ static int decode_tpmkey_url(const char *url, struct tpmkey_url_st *s)
                return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
        }
 
-       if ((p = strstr(url, "storage=user")) != NULL)
+       if (strstr(url, "storage=user") != NULL)
                s->storage = TSS_PS_TYPE_USER;
        else
                s->storage = TSS_PS_TYPE_SYSTEM;
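Review bot: `strstr(url, "storage=user")` matches that text anywhere in the URL, so a URL in which another field or value merely contains the substring, or a longer value that starts with `user`, selects `TSS_PS_TYPE_USER`. This behaviour predates the change, which only drops the unused `p` assignment, but the storage type decides which TPM key store is consulted, so the match should be anchored to a field boundary and to the end of the value. How the other fields are delimited is parsed outside this hunk, so the boundary test should follow that code. Until then a comment would flag the limitation, e.g. `/* NOTE: plain substring match, not checked against field boundaries */`.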
index bdb88c238df61dbe10a3b6f4f99590e62f1df880..92894ea88849e49b0f9c7b681d373f69ae5cdb81 100644 (file)
@@ -375,7 +375,7 @@ static int raw_pubkey_to_base64(const gnutls_datum_t * raw,
        char *out;
 
        ret = base64_encode_alloc((void *) raw->data, raw->size, &out);
-       if (ret == 0)
+       if (ret == 0 || out == NULL)
                return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
        b64->data = (void *) out;
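Review bot: The reason for testing both `ret == 0` and `out == NULL` is not evident from the code. In gnulib's `base64_encode_alloc()` an allocation failure returns a non-zero length with `*out` set to NULL, which the old `ret == 0` test alone let through to the `b64->data` assignment. A one-line comment would record that, e.g. `/* may return non-zero with out == NULL when allocation fails */`. The declaration of `ret` is above the hunk; if it is an `int`, the `size_t` result is narrowed on assignment, which is worth confirming.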