[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Jun 30 03:56:21 UTC 2021
The branch master has been updated
via 5e56f4587de2f2e06c079272fa4d6712d56dbcf0 (commit)
via 98431c431366ec3445e92cf4c50a1d3ac80573a5 (commit)
via 159dacca4682a48ccc3625c64678b7eaf31681ef (commit)
via 196feb18de28cc5e6b59483ab61453dbca8d5c4b (commit)
via 01fb4bff9bee4b6a652d42ec9f1b677773280450 (commit)
from 10af976962b2383bb3044120a764037361b8bff7 (commit)
- Log -----------------------------------------------------------------
commit 5e56f4587de2f2e06c079272fa4d6712d56dbcf0
Author: Pauli <pauli at openssl.org>
Date: Tue Jun 29 08:26:11 2021 +1000
evp: fix coverity 1473380 Copy into fixed size buffer (STRING_OVERFLOW)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
commit 98431c431366ec3445e92cf4c50a1d3ac80573a5
Author: Pauli <pauli at openssl.org>
Date: Tue Jun 29 08:18:30 2021 +1000
dh_test: fix coverity 1473239 Argument cannot be negative (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
commit 159dacca4682a48ccc3625c64678b7eaf31681ef
Author: Pauli <pauli at openssl.org>
Date: Tue Jun 29 08:05:19 2021 +1000
s_time: avoid unlikely division by zero
Fixing coverity 966560 Division or modulo by zero (DIVIDE_BY_ZERO)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
commit 196feb18de28cc5e6b59483ab61453dbca8d5c4b
Author: Pauli <pauli at openssl.org>
Date: Tue Jun 29 08:01:13 2021 +1000
bio: check for valid socket when closing
Fixes coverity 271258 Improper use of negative value (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
commit 01fb4bff9bee4b6a652d42ec9f1b677773280450
Author: Pauli <pauli at openssl.org>
Date: Tue Jun 29 07:59:00 2021 +1000
test: fix coverity 1469427 Improper use of negative value (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
-----------------------------------------------------------------------
Summary of changes:
apps/s_time.c | 11 +++++++----
crypto/bio/bio_sock2.c | 2 +-
crypto/evp/ctrl_params_translate.c | 4 +++-
test/dhtest.c | 11 +++++++----
test/endecoder_legacy_test.c | 3 ++-
5 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/apps/s_time.c b/apps/s_time.c
index 34e939d047..1a58e19de5 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -394,10 +394,13 @@ int s_time_main(int argc, char **argv)
printf
("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
- printf
- ("%d connections in %ld real seconds, %ld bytes read per connection\n",
- nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
-
+ if (nConn > 0)
+ printf
+ ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+ nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+ else
+ printf("0 connections in %ld real seconds\n",
+ (long)time(NULL) - finishtime + maxtime);
ret = 0;
end:
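Review bot: The new guard covers only the integer division by `nConn`; the context line just above still computes `(double)nConn / totalTime` with no check on `totalTime`. If `totalTime` can be zero when no connection completed (it is computed outside the hunk, so this is an assumption), that line prints inf or nan. A guard such as `totalTime > 0 ? (double)nConn / totalTime : 0.0` would keep the two summary lines consistent. s_time_main starts and continues outside the hunk.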
diff --git a/crypto/bio/bio_sock2.c b/crypto/bio/bio_sock2.c
index f13f20148b..b6c95913ce 100644
--- a/crypto/bio/bio_sock2.c
+++ b/crypto/bio/bio_sock2.c
@@ -335,7 +335,7 @@ int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options)
*/
int BIO_closesocket(int sock)
{
- if (closesocket(sock) < 0)
+ if (sock < 0 || closesocket(sock) < 0)
return 0;
return 1;
}
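Review bot: The early return for `sock < 0` reports failure without calling closesocket(), so no fresh system error is set on that path. A caller that reads the socket error after a 0 return could then see a stale value. The function's header comment begins outside the hunk, so I cannot tell whether it already covers this. If it does not, a line such as `/* A negative |sock| is rejected without calling closesocket(); no system error is set in that case. */` would document it.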
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 6998dcc6fc..c532e57f8f 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1353,7 +1353,9 @@ static int fix_rsa_pss_saltlen(enum state state,
if (i == OSSL_NELEM(str_value_map)) {
BIO_snprintf(ctx->name_buf, sizeof(ctx->name_buf), "%d", ctx->p1);
} else {
- strcpy(ctx->name_buf, str_value_map[i].ptr);
+ strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf));
+ /* This won't truncate but it will quiet static analysers */
+ ctx->name_buf[sizeof(ctx->name_buf) - 1] = '\0';
}
ctx->p2 = ctx->name_buf;
ctx->p1 = strlen(ctx->p2);
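Review bot: The `strncpy` plus manual terminator in the else branch relies on every `str_value_map[i].ptr` being shorter than `ctx->name_buf`, which the comment asserts but nothing in the hunk enforces. If a longer entry were ever added, the name would be silently truncated and `ctx->p1` would carry the truncated length. `strncpy` also zero-pads the rest of the buffer on every call. A single bounded copy reads more clearly, e.g. `OPENSSL_strlcpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf));`, or `BIO_snprintf` with `"%s"` to match the branch above. fix_rsa_pss_saltlen starts and ends outside the hunk.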
diff --git a/test/dhtest.c b/test/dhtest.c
index adbe3afd78..cb8d9a7de4 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -558,6 +558,7 @@ static int rfc5114_test(void)
DH *dhB = NULL;
unsigned char *Z1 = NULL;
unsigned char *Z2 = NULL;
+ int szA, szB;
const rfc5114_td *td = NULL;
BIGNUM *priv_key = NULL, *pub_key = NULL;
const BIGNUM *pub_key_tmp;
@@ -580,12 +581,14 @@ static int rfc5114_test(void)
goto bad_err;
priv_key = pub_key = NULL;
- if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA))
- || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB)))
+ if (!TEST_int_gt(szA = DH_size(dhA), 0)
+ || !TEST_int_gt(szB = DH_size(dhB), 0)
+ || !TEST_size_t_eq(td->Z_len, (size_t)szA)
+ || !TEST_size_t_eq(td->Z_len, (size_t)szB))
goto err;
- if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))
- || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB))))
+ if (!TEST_ptr(Z1 = OPENSSL_malloc((size_t)szA))
+ || !TEST_ptr(Z2 = OPENSSL_malloc((size_t)szB)))
goto bad_err;
/*
* Work out shared secrets using both sides and compare with expected
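Review bot: The `(size_t)` casts on `szA` and `szB` are safe only because the two `TEST_int_gt(..., 0)` checks run first in the same short-circuit chain, and nothing in the code says so. A one-line comment above the condition, e.g. `/* DH_size() may return a non-positive value; check before casting to size_t */`, would stop a later edit from reordering the tests. rfc5114_test begins and ends outside the hunk.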
diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c
index 121e2de3d4..943cba56e5 100644
--- a/test/endecoder_legacy_test.c
+++ b/test/endecoder_legacy_test.c
@@ -289,7 +289,8 @@ static int test_membio_str_eq(BIO *bio_provided, BIO *bio_legacy)
long len_provided = BIO_get_mem_data(bio_provided, &str_provided);
long len_legacy = BIO_get_mem_data(bio_legacy, &str_legacy);
- return TEST_long_ge(len_provided, 0)
+ return TEST_long_ge(len_legacy, 0)
+ && TEST_long_ge(len_provided, 0)
&& TEST_strn2_eq(str_provided, len_provided,
str_legacy, len_legacy);
}