On Sun, Sep 09, 2018 at 10:38:50PM +0000, Dr. Matthias St. Pierre wrote:
> preliminary status report:
>
> *** CID 1439138:  Integer handling issues  (NEGATIVE_RETURNS)
>     see https://github.com/openssl/openssl/pull/7156
>
> *** CID 1439137:  Integer handling issues  (NEGATIVE_RETURNS)
>     work in progress...

I think this one may be a false positive -- it's worried that EVP_MD_size()
will return -1, but we've essentially already validated that the md is valid
by the time we get there.  I didn't do a full check, though.

-Ben

> *** CID 1439136:  Resource leaks  (RESOURCE_LEAK)
>     see https://github.com/openssl/openssl/pull/7155
>
> *** CID 1439135:  Memory - illegal accesses  (INCOMPATIBLE_CAST)
>     todo
>
> *** CID 1423323:  Null pointer dereferences  (FORWARD_NULL)
>     see https://github.com/openssl/openssl/pull/7158
>
> *** CID 1201571:  Error handling issues  (CHECKED_RETURN)
>     todo
>
> if anybody wants to fix one of the CIDs marked 'todo', no problem. Just drop
> a note on the openssl-project list.
>
> Matthias
>
>
> > -----Original Message-----
> > From: openssl-project <openssl-project-boun...@openssl.org> On Behalf Of Benjamin Kaduk
> > Sent: Sunday, 9 September 2018 18:04
> > To: openssl-project@openssl.org
> > Subject: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)
> >
> > I see that Matthias has opened pull requests for a couple of these already;
> > are you planning to work through the rest of them as well?
> >
> > -Ben
> >
> > On Sun, Sep 09, 2018 at 09:28:12AM +0000, scan-ad...@coverity.com wrote:
> > > Hi,
> > >
> > > Please find the latest report on new defect(s) introduced to
> > > openssl/openssl found with Coverity Scan.
> > >
> > > 6 new defect(s) introduced to openssl/openssl found with Coverity Scan.
> > >
> > > New defect(s) Reported-by: Coverity Scan
> > > Showing 6 of 6 defect(s)
> > >
> > > ** CID 1439138:  Integer handling issues  (NEGATIVE_RETURNS)
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 1439138:  Integer handling issues  (NEGATIVE_RETURNS)
> > > /crypto/rsa/rsa_pss.c: 247 in RSA_padding_add_PKCS1_PSS_mgf1()
> > > 241         EM[emLen - 1] = 0xbc;
> > > 242
> > > 243         ret = 1;
> > > 244
> > > 245      err:
> > > 246         EVP_MD_CTX_free(ctx);
> > > >>>     CID 1439138:  Integer handling issues  (NEGATIVE_RETURNS)
> > > >>>     "sLen" is passed to a parameter that cannot be negative.
> > > 247         OPENSSL_clear_free(salt, sLen);
> > > 248
> > > 249         return ret;
> > > 250
> > > 251     }
> > > 252
> > > 253     #if defined(_MSC_VER)
> > > 254     # pragma optimize("",on)
> > >
> > > ** CID 1439137:  Integer handling issues  (NEGATIVE_RETURNS)
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 1439137:  Integer handling issues  (NEGATIVE_RETURNS)
> > > /crypto/sm2/sm2_pmeth.c: 277 in pkey_sm2_digest_custom()
> > > 271         }
> > > 272
> > > 273         /* get hashed prefix 'z' of tbs message */
> > > 274         if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec))
> > > 275             return 0;
> > > 276
> > > >>>     CID 1439137:  Integer handling issues  (NEGATIVE_RETURNS)
> > > >>>     "EVP_MD_size(md)" is passed to a parameter that cannot be negative.
> > > 277         return EVP_DigestUpdate(mctx, z, EVP_MD_size(md));
> > > 278     }
> > > 279
> > > 280     const EVP_PKEY_METHOD sm2_pkey_meth = {
> > > 281         EVP_PKEY_SM2,
> > > 282         0,
> > >
> > > ** CID 1439136:  Resource leaks  (RESOURCE_LEAK)
> > > /test/dhtest.c: 202 in dh_test()
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 1439136:  Resource leaks  (RESOURCE_LEAK)
> > > /test/dhtest.c: 202 in dh_test()
> > > 196         BN_free(bp);
> > > 197         BN_free(bg);
> > > 198         BN_free(cpriv_key);
> > > 199         BN_GENCB_free(_cb);
> > > 200         DH_free(dh);
> > > 201
> > > >>>     CID 1439136:  Resource leaks  (RESOURCE_LEAK)
> > > >>>     Variable "priv_key" going out of scope leaks the storage it points to.
> > > 202         return ret;
> > > 203     }
> > > 204
> > > 205     static int cb(int p, int n, BN_GENCB *arg)
> > > 206     {
> > > 207         return 1;
> > >
> > > ** CID 1439135:  Memory - illegal accesses  (INCOMPATIBLE_CAST)
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 1439135:  Memory - illegal accesses  (INCOMPATIBLE_CAST)
> > > /apps/speed.c: 3105 in speed_main()
> > > 3099                 ERR_print_errors(bio_err);
> > > 3100                 rsa_count = 1;
> > > 3101             } else {
> > > 3102                 for (i = 0; i < loopargs_len; i++) {
> > > 3103                     /* Perform EdDSA signature test */
> > > 3104                     loopargs[i].siglen = test_ed_curves[testnum].siglen;
> > > >>>     CID 1439135:  Memory - illegal accesses  (INCOMPATIBLE_CAST)
> > > >>>     Pointer "&loopargs[i].siglen" points to an object whose effective type is "unsigned int" (32 bits, unsigned) but is dereferenced as a wider "unsigned long" (64 bits, unsigned). This may lead to memory corruption.
> > > 3105                     st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
> > > 3106                                         loopargs[i].buf2, (size_t *)&loopargs[i].siglen,
> > > 3107                                         loopargs[i].buf, 20);
> > > 3108                     if (st == 0)
> > > 3109                         break;
> > > 3110                 }
> > >
> > > ** CID 1423323:  Null pointer dereferences  (FORWARD_NULL)
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 1423323:  Null pointer dereferences  (FORWARD_NULL)
> > > /test/evp_extra_test.c: 894 in test_EVP_PKEY_check()
> > > 888
> > > 889         if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
> > > 890             goto done;
> > > 891
> > > 892         ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
> > > 893         /* assign the pkey directly, as an internal test */
> > > >>>     CID 1423323:  Null pointer dereferences  (FORWARD_NULL)
> > > >>>     Passing null pointer "pkey" to "EVP_PKEY_up_ref", which dereferences it.
> > > 894         EVP_PKEY_up_ref(pkey);
> > > 895         ctx2->pkey = pkey;
> > > 896
> > > 897         if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
> > > 898             goto done;
> > > 899
> > >
> > > ** CID 1201571:  Error handling issues  (CHECKED_RETURN)
> > > /crypto/pkcs12/p12_init.c: 25 in PKCS12_init()
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 1201571:  Error handling issues  (CHECKED_RETURN)
> > > /crypto/pkcs12/p12_init.c: 25 in PKCS12_init()
> > > 19         PKCS12 *pkcs12;
> > > 20
> > > 21         if ((pkcs12 = PKCS12_new()) == NULL) {
> > > 22             PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
> > > 23             return NULL;
> > > 24         }
> > > >>>     CID 1201571:  Error handling issues  (CHECKED_RETURN)
> > > >>>     Calling "ASN1_INTEGER_set" without checking return value (as is done elsewhere 30 out of 37 times).
> > > 25         ASN1_INTEGER_set(pkcs12->version, 3);
> > > 26         pkcs12->authsafes->type = OBJ_nid2obj(mode);
> > > 27         switch (mode) {
> > > 28         case NID_pkcs7_data:
> > > 29             if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) {
> > > 30                 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
> > >
> > _______________________________________________
> > openssl-project mailing list
> > openssl-project@openssl.org
> > https://mta.openssl.org/mailman/listinfo/openssl-project

_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
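
The NEGATIVE_RETURNS pattern that CID 1439137 describes, as an added example that is not part of the thread or of OpenSSL's code: it shows what an unchecked -1 turns into at a size_t parameter, next to a guarded call. `toy_md`, `md_size()`, `digest_update()` and the two wrappers are hypothetical stand-ins, not OpenSSL APIs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a size query that reports failure as -1, the
 * case Coverity assumes for EVP_MD_size(md) in CID 1439137. */
typedef struct { int size; } toy_md;

static int md_size(const toy_md *md)
{
    return md == NULL ? -1 : md->size;
}

/* Hypothetical consumer taking an unsigned length; it only records the
 * length it was asked to process so the effect can be inspected. */
static size_t last_len;

static int digest_update(const void *data, size_t len)
{
    (void)data;
    last_len = len;
    return 1;
}

/* Flagged shape: int converted to size_t unchecked, so -1 becomes SIZE_MAX. */
static int update_unchecked(const toy_md *md, const unsigned char *z)
{
    return digest_update(z, md_size(md));
}

/* Checked shape: reject the failure value before the conversion. */
static int update_checked(const toy_md *md, const unsigned char *z)
{
    int n = md_size(md);
    if (n < 0)
        return 0;
    return digest_update(z, (size_t)n);
}

int main(void)
{
    unsigned char z[32] = {0};
    toy_md md = { 32 };  /* constructed sample: 32-byte digest */

    update_unchecked(NULL, z);
    printf("unchecked, invalid md: len=%zu\n", last_len);
    printf("checked, invalid md:   ret=%d\n", update_checked(NULL, z));
    printf("checked, valid md:     ret=%d\n", update_checked(&md, z));
    return 0;
}
```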