3 issues found by coverity #380

Open
chipitsine opened this issue Jan 8, 2022 · 1 comment
@chipitsine

** CID 345245:    (UNINIT)


________________________________________________________________________________________________________
*** CID 345245:    (UNINIT)
/gost_prov.c: 71 in provider_ctx_new()
65             && populate_gost_engine(ctx->e)) {
66             ctx->core_handle = core;
67     
68             /* Ugly hack */
69             err_handle = ctx->proverr_handle;
70         } else {
>>>     CID 345245:    (UNINIT)
>>>     Using uninitialized value "ctx->e" when calling "provider_ctx_free".
71             provider_ctx_free(ctx);
72             ctx = NULL;
73         }
74         return ctx;
75     }
76     
/gost_prov.c: 71 in provider_ctx_new()
65             && populate_gost_engine(ctx->e)) {
66             ctx->core_handle = core;
67     
68             /* Ugly hack */
69             err_handle = ctx->proverr_handle;
70         } else {
>>>     CID 345245:    (UNINIT)
>>>     Using uninitialized value "ctx->e" when calling "provider_ctx_free".
71             provider_ctx_free(ctx);
72             ctx = NULL;
73         }
74         return ctx;
75     }
76     

** CID 345244:    (CHECKED_RETURN)
/test_tlstree.c: 155 in main()
/test_tlstree.c: 114 in main()


________________________________________________________________________________________________________
*** CID 345244:    (CHECKED_RETURN)
/test_tlstree.c: 155 in main()
149             if (memcmp(enc0_etl, data0_processed, sizeof(data0_processed)) != 0) {
150                     fprintf(stderr, "ENC0 mismatch");
151                     exit(1);
152             }
153     
154             mdctx = EVP_MD_CTX_new();
>>>     CID 345244:    (CHECKED_RETURN)
>>>     Calling "EVP_DigestInit_ex" without checking return value (as is done elsewhere 9 out of 11 times).
155             EVP_DigestInit_ex(mdctx, md, NULL);
156       mac_key = EVP_PKEY_new_mac_key(NID_grasshopper_mac, NULL, mac_secret, 32);
157       EVP_DigestSignInit(mdctx, NULL, md, NULL, mac_key);
158       EVP_PKEY_free(mac_key);
159     
160             EVP_MD_CTX_ctrl(mdctx, EVP_MD_CTRL_TLSTREE, 0, seq63);
/test_tlstree.c: 114 in main()
108             OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
109     
110             memset(data63, 0, 4096);
111     
112             md = EVP_get_digestbynid(NID_grasshopper_mac);
113     
>>>     CID 345244:    (CHECKED_RETURN)
>>>     Calling "EVP_DigestInit_ex" without checking return value (as is done elsewhere 9 out of 11 times).
114             EVP_DigestInit_ex(mdctx, md, NULL);
115       mac_key = EVP_PKEY_new_mac_key(NID_grasshopper_mac, NULL, mac_secret, 32);
116       EVP_DigestSignInit(mdctx, NULL, md, NULL, mac_key);
117       EVP_PKEY_free(mac_key);
118     
119             EVP_MD_CTX_ctrl(mdctx, EVP_MD_CTRL_TLSTREE, 0, seq0);

** CID 345243:  Null pointer dereferences  (REVERSE_INULL)
/gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()


________________________________________________________________________________________________________
*** CID 345243:  Null pointer dereferences  (REVERSE_INULL)
/gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()
675        o  Q_eph is on the same curve as server public key;
676     
677        o  Q_eph is not equal to zero point;
678     
679        o  q * Q_eph is not equal to zero point.
680     */
>>>     CID 345243:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
681         if (eph_key == NULL || priv == NULL || data == NULL) {
682            GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
683                    GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
684            ret = 0;
685            goto err;
686         }

vt-alt added a commit to vt-alt/gost-engine that referenced this issue Jan 8, 2022
This should fix Coverity warning:

  *** CID 345243:  Null pointer dereferences  (REVERSE_INULL)
  /gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()
  675        o  Q_eph is on the same curve as server public key;
  676
  677        o  Q_eph is not equal to zero point;
  678
  679        o  q * Q_eph is not equal to zero point.
  680     */
  >>>     CID 345243:  Null pointer dereferences  (REVERSE_INULL)
  >>>     Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
  681         if (eph_key == NULL || priv == NULL || data == NULL) {
  682            GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
  683                    GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
  684            ret = 0;
  685            goto err;
  686         }

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: gost-engine#380

vt-alt added a commit to vt-alt/gost-engine that referenced this issue Jan 8, 2022
This should fix Coverity warning:

  *** CID 345245:    (UNINIT)
  /gost_prov.c: 71 in provider_ctx_new()
  65             && populate_gost_engine(ctx->e)) {
  66             ctx->core_handle = core;
  67
  68             /* Ugly hack */
  69             err_handle = ctx->proverr_handle;
  70         } else {
  >>>     CID 345245:    (UNINIT)
  >>>     Using uninitialized value "ctx->e" when calling "provider_ctx_free".
  71             provider_ctx_free(ctx);
  72             ctx = NULL;
  73         }
  74         return ctx;
  75     }

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: gost-engine#380

beldmit pushed a commit that referenced this issue Jan 9, 2022
This should fix Coverity warning:

  *** CID 345243:  Null pointer dereferences  (REVERSE_INULL)
  /gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()
  675        o  Q_eph is on the same curve as server public key;
  676
  677        o  Q_eph is not equal to zero point;
  678
  679        o  q * Q_eph is not equal to zero point.
  680     */
  >>>     CID 345243:  Null pointer dereferences  (REVERSE_INULL)
  >>>     Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
  681         if (eph_key == NULL || priv == NULL || data == NULL) {
  682            GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
  683                    GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
  684            ret = 0;
  685            goto err;
  686         }

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380

beldmit pushed a commit that referenced this issue Jan 9, 2022
This should fix Coverity warning:

  *** CID 345245:    (UNINIT)
  /gost_prov.c: 71 in provider_ctx_new()
  65             && populate_gost_engine(ctx->e)) {
  66             ctx->core_handle = core;
  67
  68             /* Ugly hack */
  69             err_handle = ctx->proverr_handle;
  70         } else {
  >>>     CID 345245:    (UNINIT)
  >>>     Using uninitialized value "ctx->e" when calling "provider_ctx_free".
  71             provider_ctx_free(ctx);
  72             ctx = NULL;
  73         }
  74         return ctx;
  75     }

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380

@se-prok

se-prok commented Jan 17, 2022

As for the unnecessary data == NULL check:

This if (eph_key == NULL ...) fragment was my patch against the real segmentation fault observed due to the dereference of the null eph_key.
I added this unnecessary check of the data pointer as an extra precaution. )
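
The UNINIT finding above (CID 345245) concerns a shared error path that frees a context whose member may never have been assigned. The following is an added example, not gost-engine code and not part of any comment in this thread: the struct and function names are hypothetical, and zero-initialising the context is one common remedy, not necessarily the fix the project applied.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not gost-engine types. */
struct engine { int loaded; };
struct prov_ctx { void *err_handle; struct engine *e; };

static int engine_frees;                 /* instrumentation for the demo */

static void engine_free(struct engine *e)
{
    if (e == NULL)
        return;
    engine_frees++;
    free(e);
}

static void ctx_free(struct prov_ctx *ctx)
{
    if (ctx == NULL)
        return;
    engine_free(ctx->e);                 /* reads ctx->e on every call */
    free(ctx->err_handle);
    free(ctx);
}

/* fail_at simulates a failing step: 0 = none, 1 = err_handle, 2 = engine. */
static struct prov_ctx *ctx_new(int fail_at)
{
    struct prov_ctx *ctx = malloc(sizeof(*ctx));
    if (ctx != NULL)
        *ctx = (struct prov_ctx){ 0 };   /* every member starts as NULL */
    if (ctx != NULL
        && (ctx->err_handle = (fail_at == 1) ? NULL : malloc(16)) != NULL
        && (ctx->e = (fail_at == 2) ? NULL : calloc(1, sizeof(*ctx->e))) != NULL)
        return ctx;
    ctx_free(ctx);                       /* ctx->e is NULL or valid here */
    return NULL;
}

int main(void)
{
    struct prov_ctx *failed = ctx_new(1);   /* step 1 fails, ctx->e never assigned */
    struct prov_ctx *ok = ctx_new(0);
    printf("failed=%p engine_frees=%d\n", (void *)failed, engine_frees);
    ctx_free(ok);
    printf("engine_frees after normal free=%d\n", engine_frees);
    return 0;
}
```

Without the zeroing assignment, the `fail_at == 1` path would pass an indeterminate `ctx->e` to `engine_free()`, which is the condition the checker reports.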
