build: suppress GCC analyzer warnings

author Daiki Ueno <ueno@gnu.org>

Thu, 6 Oct 2022 09:44:48 +0000 (18:44 +0900)

committer Daiki Ueno <ueno@gnu.org>

Tue, 22 Nov 2022 04:37:33 +0000 (13:37 +0900)
author Daiki Ueno <ueno@gnu.org>
Thu, 6 Oct 2022 09:44:48 +0000 (18:44 +0900)
committer Daiki Ueno <ueno@gnu.org>
Tue, 22 Nov 2022 04:37:33 +0000 (13:37 +0900)
diff --git a/lib/auth/cert.c b/lib/auth/cert.c

index 228d98468a9721b40a75522c98b2c0e75dda59ac..f122049e1416104fb94615072a734d45b06e08aa 100644 (file)
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -1636,6 +1636,10 @@ _gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_e
                         if (session->internals.selected_cert_list_length == 0)
                                 return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
  
+                       if (unlikely(session->internals.selected_cert_list == NULL)) {
+                               return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+                       }
+
                         _gnutls_debug_log("Selected (%s) cert\n",
                                           gnutls_pk_get_name(session->internals.selected_cert_list[0].pubkey->params.algo));
                 }
diff --git a/lib/nettle/int/provable-prime.c b/lib/nettle/int/provable-prime.c

index 585cd031e0a423e72b0536d6928f0a518581efcd..3a626a2c819b0e78e966e6dd3ffd36e53cc3c541 100644 (file)
--- a/lib/nettle/int/provable-prime.c
+++ b/lib/nettle/int/provable-prime.c
@@ -1173,7 +1173,7 @@ st_provable_prime(mpz_t p,
         if (iterations > 0) {
                 storage_length = iterations * DIGEST_SIZE;
  
-               storage = malloc(storage_length);
+               storage = gnutls_malloc(storage_length);
                 if (storage == NULL)
                         goto fail;
  
@@ -1307,7 +1307,7 @@ st_provable_prime(mpz_t p,
         mpz_clear(t);
         mpz_clear(tmp);
         mpz_clear(c);
-       free(pseed);
-       free(storage);
+       gnutls_free(pseed);
+       gnutls_free(storage);
         return ret;
  }
diff --git a/lib/pk.c b/lib/pk.c

index c5600a32a384a5b70ab2729062ef48edfbf7c82f..753cecd187fe0108ef218da3970c037232cc9efb 100644 (file)
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -93,6 +93,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
         }
  
         if (r->data[0] >= 0x80) {
+               assert(tmp);
                 tmp[0] = 0;
                 memcpy(&tmp[1], r->data, r->size);
                 result = asn1_write_value(sig, "r", tmp, 1+r->size);
@@ -108,6 +109,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
  
  
         if (s->data[0] >= 0x80) {
+               assert(tmp);
                 tmp[0] = 0;
                 memcpy(&tmp[1], s->data, s->size);
                 result = asn1_write_value(sig, "s", tmp, 1+s->size);
@@ -598,6 +600,10 @@ encode_ber_digest_info(const mac_entry_st * e,
         uint8_t *tmp_output;
         int tmp_output_size;
  
+       if (unlikely(e == NULL)) {
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+       }
+
         /* prevent asn1_write_value() treating input as string */
         if (digest->size == 0)
                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c

index 59eddcd2a43209bb961799849099572e0ccda07e..6f528a9114cd2f3976bf2b599a88e2a1c1c6ac41 100644 (file)
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -1211,6 +1211,10 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn,
         }
  
         ce = cipher_to_entry(enc_params->cipher);
+       if (unlikely(ce == NULL)) {
+               ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_CIPHER_TYPE);
+               goto error;
+       }
         block_size = _gnutls_cipher_get_block_size(ce);
  
         if (ce->type == CIPHER_BLOCK) {
diff --git a/src/tests.c b/src/tests.c

index 85c4b66995339e6345c628b40244ec79fb0f1038..8526b6943719ced7fbdb7f3c6da7ffdd185d7546 100644 (file)
--- a/src/tests.c
+++ b/src/tests.c
@@ -1613,7 +1613,9 @@ test_code_t test_chain_order(gnutls_session_t session)
  
                 gnutls_free(t.data);
         }
-       *pos = 0;
+       if (pos) {
+               *pos = 0;
+       }
  
         t.size = p_size;
         t.data = (void*)p;
diff --git a/src/tpmtool.c b/src/tpmtool.c

index 171b7fd4165a3e34ec06095d6bfc7698551d11a1..1b230c2ffacfa4e1cacb6d531ce1d0e26d14d7c7 100644 (file)
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -263,15 +263,15 @@ static void tpm_generate(FILE * out, unsigned int key_type,
         gnutls_datum_t privkey, pubkey;
  
         if (!srk_well_known) {
-               srk_pass = getpass("Enter SRK password: ");
-               if (srk_pass != NULL)
-                       srk_pass = strdup(srk_pass);
+               char *pass = getpass("Enter SRK password: ");
+               if (pass != NULL)
+                       srk_pass = strdup(pass);
         }
  
         if (!(flags & GNUTLS_TPM_REGISTER_KEY)) {
-               key_pass = getpass("Enter key password: ");
-               if (key_pass != NULL)
-                       key_pass = strdup(key_pass);
+               char *pass = getpass("Enter key password: ");
+               if (pass != NULL)
+                       key_pass = strdup(pass);
         }
  
         ret =
author	Daiki Ueno <ueno@gnu.org>
	Thu, 6 Oct 2022 09:44:48 +0000 (18:44 +0900)
committer	Daiki Ueno <ueno@gnu.org>
	Tue, 22 Nov 2022 04:37:33 +0000 (13:37 +0900)
lib/auth/cert.c		patch \| blob \| blame \| history
lib/nettle/int/provable-prime.c		patch \| blob \| blame \| history
lib/pk.c		patch \| blob \| blame \| history
lib/x509/pkcs7-crypt.c		patch \| blob \| blame \| history
src/tests.c		patch \| blob \| blame \| history
src/tpmtool.c		patch \| blob \| blame \| history