The branch master has been updated via 5e56f4587de2f2e06c079272fa4d6712d56dbcf0 (commit) via 98431c431366ec3445e92cf4c50a1d3ac80573a5 (commit) via 159dacca4682a48ccc3625c64678b7eaf31681ef (commit) via 196feb18de28cc5e6b59483ab61453dbca8d5c4b (commit) via 01fb4bff9bee4b6a652d42ec9f1b677773280450 (commit) from 10af976962b2383bb3044120a764037361b8bff7 (commit)
- Log ----------------------------------------------------------------- commit 5e56f4587de2f2e06c079272fa4d6712d56dbcf0 Author: Pauli <pa...@openssl.org> Date: Tue Jun 29 08:26:11 2021 +1000 evp: fix coverity 1473380 Copy into fixed size buffer (STRING_OVERFLOW) Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15943) commit 98431c431366ec3445e92cf4c50a1d3ac80573a5 Author: Pauli <pa...@openssl.org> Date: Tue Jun 29 08:18:30 2021 +1000 dh_test: fix coverity 1473239 Argument cannot be negative (NEGATIVE_RETURNS) Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15943) commit 159dacca4682a48ccc3625c64678b7eaf31681ef Author: Pauli <pa...@openssl.org> Date: Tue Jun 29 08:05:19 2021 +1000 s_time: avoid unlikely division by zero Fixing coverity 966560 Division or modulo by zero (DIVIDE_BY_ZERO) Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15943) commit 196feb18de28cc5e6b59483ab61453dbca8d5c4b Author: Pauli <pa...@openssl.org> Date: Tue Jun 29 08:01:13 2021 +1000 bio: check for valid socket when closing Fixes coverity 271258 Improper use of negative value (NEGATIVE_RETURNS) Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15943) commit 01fb4bff9bee4b6a652d42ec9f1b677773280450 Author: Pauli <pa...@openssl.org> Date: Tue Jun 29 07:59:00 2021 +1000 test: fix coverity 1469427 Improper use of negative value (NEGATIVE_RETURNS) Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15943) ----------------------------------------------------------------------- Summary of changes: apps/s_time.c | 11 +++++++---- crypto/bio/bio_sock2.c | 2 +- crypto/evp/ctrl_params_translate.c | 4 +++- test/dhtest.c | 11 +++++++---- test/endecoder_legacy_test.c | 3 ++- 5 files changed, 20 insertions(+), 11 deletions(-) diff --git a/apps/s_time.c b/apps/s_time.c index 34e939d047..1a58e19de5 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -394,10 +394,13 @@ int s_time_main(int argc, char **argv) printf ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn / totalTime), bytes_read); - printf - ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); - + if (nConn > 0) + printf + ("%d connections in %ld real seconds, %ld bytes read per connection\n", + nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); + else + printf("0 connections in %ld real seconds\n", + (long)time(NULL) - finishtime + maxtime); ret = 0; end: diff --git a/crypto/bio/bio_sock2.c b/crypto/bio/bio_sock2.c index f13f20148b..b6c95913ce 100644 --- a/crypto/bio/bio_sock2.c +++ b/crypto/bio/bio_sock2.c @@ -335,7 +335,7 @@ int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options) */ int BIO_closesocket(int sock) { - if (closesocket(sock) < 0) + if (sock < 0 || closesocket(sock) < 0) return 0; return 1; } diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 6998dcc6fc..c532e57f8f 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1353,7 +1353,9 @@ static int fix_rsa_pss_saltlen(enum state state, if (i == OSSL_NELEM(str_value_map)) { BIO_snprintf(ctx->name_buf, sizeof(ctx->name_buf), "%d", ctx->p1); } else { - strcpy(ctx->name_buf, str_value_map[i].ptr); + strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf)); + /* This won't truncate but it will quiet static analysers */ + ctx->name_buf[sizeof(ctx->name_buf) - 1] = '\0'; } ctx->p2 = ctx->name_buf; ctx->p1 = strlen(ctx->p2); diff --git a/test/dhtest.c b/test/dhtest.c index adbe3afd78..cb8d9a7de4 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -558,6 +558,7 @@ static int rfc5114_test(void) DH *dhB = NULL; unsigned char *Z1 = NULL; unsigned char *Z2 = NULL; + int szA, szB; const rfc5114_td *td = NULL; BIGNUM *priv_key = NULL, *pub_key = NULL; const BIGNUM *pub_key_tmp; @@ -580,12 +581,14 @@ static int rfc5114_test(void) goto bad_err; priv_key = pub_key = NULL; - if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA)) - || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB))) + if (!TEST_int_gt(szA = DH_size(dhA), 0) + || !TEST_int_gt(szB = DH_size(dhB), 0) + || !TEST_size_t_eq(td->Z_len, (size_t)szA) + || !TEST_size_t_eq(td->Z_len, (size_t)szB)) goto err; - if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))) - || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB)))) + if (!TEST_ptr(Z1 = OPENSSL_malloc((size_t)szA)) + || !TEST_ptr(Z2 = OPENSSL_malloc((size_t)szB))) goto bad_err; /* * Work out shared secrets using both sides and compare with expected diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c index 121e2de3d4..943cba56e5 100644 --- a/test/endecoder_legacy_test.c +++ b/test/endecoder_legacy_test.c @@ -289,7 +289,8 @@ static int test_membio_str_eq(BIO *bio_provided, BIO *bio_legacy) long len_provided = BIO_get_mem_data(bio_provided, &str_provided); long len_legacy = BIO_get_mem_data(bio_legacy, &str_legacy); - return TEST_long_ge(len_provided, 0) + return TEST_long_ge(len_legacy, 0) + && TEST_long_ge(len_provided, 0) && TEST_strn2_eq(str_provided, len_provided, str_legacy, len_legacy); }