The function EVP_SealInit can return a negative integer in an error case, so the result should be tested with <= 0.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@match@
expression x, E;
position p1,p2,p3;
constant C;
@@

(
break; // parsing problem, show that this is a statement disjunction
|
(x = EVP_SealInit(...)) <= \(0\|-C\)
|
(x = EVP_SealInit(...)) < \(0\|-C\)
|
(x = EVP_SealInit(...)) > 0
|
(x = EVP_SealInit(...)) == -C
|
x...@p1 = EVP_SealInit(...)
<... when != x <= \(0\|-C\)
     when != x < \(0\|-C\)
     when != x > 0
     when != x == -C
(
 (x...@p3 != 0 || ...) // ensure it is a test expression
|
 x...@p3 == 0
)
...>
(
return ...;
|
x...@p2++
|
x...@p2--
|
x...@p2 += E
|
x...@p2 -= E
|
x...@p2 = E
)
)

@script:python@
p1 << match.p1;
p3 << match.p3;
@@
cocci.print_main("EVP_SealInit",p1)
cocci.print_secs("test",p3)
cocci.include_match(False)
// </smpl>

---
diff -u -p a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c --- a/crypto/pem/pem_seal.c 2005-07-16 14:37:33.000000000 +0200 +++ b/crypto/pem/pem_seal.c 2009-09-22 15:56:27.000000000 +0200 @@ -100,7 +100,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ct EVP_CIPHER_CTX_init(&ctx->cipher); ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); - if (!ret) goto err; + if (ret <= 0) goto err; /* base64 encode the keys */ for (i=0; i<npubk; i++)
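
Review bot: At `if (ret <= 0) goto err;` the negative value from EVP_SealInit stays in `ret` when control jumps to `err`. The code at that label is not visible in this hunk; if it returns `ret` unchanged, PEM_SealInit will now pass a negative result to its own callers, and any caller that tests the result with `!` has the same problem this patch fixes here. Please either set `ret` to 0 before the jump or confirm that the callers of PEM_SealInit test with `<= 0`, and say in the commit message which of the two applies.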
