From ad14e8e5085936bb495d15f4e0a1b653460ae4dd Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Tue, 4 Jun 2019 11:32:58 +1000 Subject: [PATCH] Coverity fixes covID 1445689 Resource leak (in error path) covID 1445318 Resource leak (in test - minor) covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used) covID 1443691 Resource leak (in app - minor) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9071) --- apps/verify.c | 11 ++++++++++- crypto/provider_core.c | 3 ++- ssl/tls13_enc.c | 1 + test/enginetest.c | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/apps/verify.c b/apps/verify.c index 3767972a5e..fd407646f5 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -169,11 +169,20 @@ int verify_main(int argc, char **argv) v_verbose = 1; break; case OPT_SM2ID: - /* we assume the input is not a hex string */ + if (sm2_id != NULL) { + BIO_printf(bio_err, + "Use one of the options 'sm2-hex-id' or 'sm2-id' \n"); + goto end; + } sm2_id = (unsigned char *)opt_arg(); sm2_idlen = strlen((const char *)sm2_id); break; case OPT_SM2HEXID: + if (sm2_id != NULL) { + BIO_printf(bio_err, + "Use one of the options 'sm2-hex-id' or 'sm2-id' \n"); + goto end; + } /* try to parse the input as hex string first */ sm2_free = 1; sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen); diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 837f4b5daf..bcf6aa9eb1 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -194,7 +194,8 @@ int ossl_provider_upref(OSSL_PROVIDER *prov) { int ref = 0; - CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock); + if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0) + return 0; return ref; } diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index b0fc4b296d..9bc34c1b85 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -170,6 +170,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, if (!ossl_assert(mdleni >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); + EVP_KDF_CTX_free(kctx); return 0; } mdlen = (size_t)mdleni; diff --git a/test/enginetest.c b/test/enginetest.c index 4836cbe92f..b4d117efa2 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -279,7 +279,7 @@ static int test_redirect(void) * Try setting test key engine. Both should fail because the * engine has no public key methods. */ - if (!TEST_ptr_null(EVP_PKEY_CTX_new(pkey, e)) + if (!TEST_ptr_null(ctx = EVP_PKEY_CTX_new(pkey, e)) || !TEST_int_le(EVP_PKEY_set1_engine(pkey, e), 0)) goto err; -- 2.25.1