Merge pull request #628 from dongbeiouba/fix/coverity_mem_corruption

Fix coverity issues, 497452, 497428, 497414, 497443, 497438
Tongsuo-Project · Jul 1, 2024 · 99cac9b · 99cac9b
2 parents db11baf + 98bb7e8
commit 99cac9b
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/crypto/asn1/x_delegated_credential.c b/crypto/asn1/x_delegated_credential.c
@@ -202,7 +202,7 @@ DELEGATED_CREDENTIAL *DC_load_from_file_ex(const char *file,
     BIO *bio_dc = NULL;
     char *dc_hex_buf = NULL;
     unsigned char *dc_buf = NULL;
-    size_t dc_hex_len, len;
+    int dc_hex_len, len;
     size_t dc_buf_len;
 
     dc_hex_buf = OPENSSL_malloc(DC_MAX_LEN);
@@ -233,7 +233,7 @@ DELEGATED_CREDENTIAL *DC_load_from_file_ex(const char *file,
      */
     len = dc_hex_len / 2;
 
-    dc_buf = OPENSSL_malloc(len);
+    dc_buf = OPENSSL_malloc((size_t)len);
     if (dc_buf == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
         goto err;

diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
@@ -25,10 +25,10 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
 {
     EVP_CIPHER_CTX *ctx;
     unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
-    size_t ivlen, taglen, offset, loop, hdrlen;
+    size_t taglen, offset, loop, hdrlen;
     unsigned char *staticiv;
     unsigned char *seq;
-    int lenu, lenf;
+    int lenu, lenf, ivlen;
     SSL3_RECORD *rec = &recs[0];
     uint32_t alg_enc;
     WPACKET wpkt;

diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
@@ -394,6 +394,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
     } else { \
         if (DUP && val1_read == val1) { \
             TEST_error("first set did not dup the value"); \
+            val1_read = 0; \
             res = 0; \
         } \
         if (DEFAULT(val1_read)) { \
@@ -422,6 +423,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
     } else { \
         if (DUP && val2_read == val2) { \
             TEST_error("second set did not dup the value"); \
+            val2_read = 0; \
             res = 0; \
         } \
         if (val2 == val1) { \
@@ -451,6 +453,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
     } else { \
         if (DUP && val3_read == val2_read) { \
             TEST_error("third get did not create a new dup"); \
+            val3_read = 0; \
             res = 0; \
         } \
     } \