In each case, the value of i might be the result of calling i2b_PVK_bio, i2b_PublicKey_bio, or i2b_PrivateKey_bio, each of which can return a negative value in case of an error. Thus the result should be tested with <= 0. On the other hand, it appears that if OPENSSL_NO_RSA or OPENSSL_NO_DSA is defined, in dsa.c or rsa.c, respectively, then the value of i can only be initialized to 0 or 1. #ifdef could be used to make two separate cases, but perhaps it is not worth it.
The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @match@ expression x, E; position p1,p2,p3; constant C; @@ ( break; // parsing problem, show that this is a statement disjunction | (x = i2b_PVK_bio(...)) <= \(0\|-C\) | (x = i2b_PVK_bio(...)) < \(0\|-C\) | (x = i2b_PVK_bio(...)) > 0 | (x = i2b_PVK_bio(...)) == -C | x...@p1 = i2b_PVK_bio(...) <... when != x <= \(0\|-C\) when != x < \(0\|-C\) when != x > 0 when != x == -C ( (x...@p3 != 0 || ...) // ensure it is a test expression | x...@p3 == 0 ) ...> ( return ...; | x...@p2++ | x...@p2-- | x...@p2 += E | x...@p2 -= E | x...@p2 = E ) ) @script:python@ p1 << match.p1; p3 << match.p3; @@ cocci.print_main("i2b_PVK_bio",p1) cocci.print_secs("test",p3) cocci.include_match(False) // </smpl> --- diff -u -p a/apps/dsa.c b/apps/dsa.c --- a/apps/dsa.c 2009-04-23 20:01:36.000000000 +0200 +++ b/apps/dsa.c 2009-09-22 15:59:14.000000000 +0200 @@ -351,7 +351,7 @@ bad: BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } - if (!i) + if (i <= 0) { BIO_printf(bio_err,"unable to write private key\n"); ERR_print_errors(bio_err); diff -u -p a/apps/rsa.c b/apps/rsa.c --- a/apps/rsa.c 2009-04-23 20:01:37.000000000 +0200 +++ b/apps/rsa.c 2009-09-22 16:01:08.000000000 +0200 @@ -426,7 +426,7 @@ bad: BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } - if (!i) + if (i <= 0) { BIO_printf(bio_err,"unable to write key\n"); ERR_print_errors(bio_err); ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
