[openssl/openssl] 588080: Fix coverity 1503330 use after free

pauli noreply at reply.github.openssl.org
Fri May 6 08:21:41 UTC 2022 

  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 588080cbf8e254ca2c033224146bc29fddea75a7
      https://github.openssl.org/openssl/openssl/commit/588080cbf8e254ca2c033224146bc29fddea75a7
  Author: Pauli <pauli at openssl.org>
  Date:   2022-05-06 (Fri, 06 May 2022)

  Changed paths:
    M test/acvp_test.c

  Log Message:
  -----------
  Fix coverity 1503330 use after free

This is a false positive resulting from confusion over up_ref/free.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)


  Commit: 66cb4fcdc5039fe5b1476ed48a936137a307a58b
      https://github.openssl.org/openssl/openssl/commit/66cb4fcdc5039fe5b1476ed48a936137a307a58b
  Author: Pauli <pauli at openssl.org>
  Date:   2022-05-06 (Fri, 06 May 2022)

  Changed paths:
    M crypto/store/store_lib.c

  Log Message:
  -----------
  Fix Coverity 1503329 use after free

Another false positive tagged as such

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)


  Commit: 71b7f34978c7332562300487af497559b67f600a
      https://github.openssl.org/openssl/openssl/commit/71b7f34978c7332562300487af497559b67f600a
  Author: Pauli <pauli at openssl.org>
  Date:   2022-05-06 (Fri, 06 May 2022)

  Changed paths:
    M crypto/evp/evp_enc.c

  Log Message:
  -----------
  Fix Coverity 1503325 use after free

Another reference counting false positive, now negated.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)


  Commit: a381897470f5c6ac2f4e71f48d33d71cde7873dd
      https://github.openssl.org/openssl/openssl/commit/a381897470f5c6ac2f4e71f48d33d71cde7873dd
  Author: Pauli <pauli at openssl.org>
  Date:   2022-05-06 (Fri, 06 May 2022)

  Changed paths:
    M crypto/evp/exchange.c

  Log Message:
  -----------
  Fix Coverity 1503322, 1503324, 1503328 memory accesses

These are all false positives result from Coverity not understanding our
up_ref and free pairing.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18014)


Compare: https://github.openssl.org/openssl/openssl/compare/3c0e8bc4a797...a381897470f5

More information about the openssl-commits mailing list