[Swan-dev] Coverty detects apparent problem with ikev2_send_cert
Andrew Cagney
andrew.cagney at gmail.com
Tue May 18 03:19:25 UTC 2021
On Sat, 8 May 2021 at 23:14, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
> This report appears accurate.
>
> | 1234 const struct cert *mycert = c->spd.this.cert.nss_cert !=
> NULL ? &c->spd.this.cert : NULL;
>
> It sure looks as if can leave mycert == NULL.
>
> | 1240 SECItem *pkcs7 = nss_pkcs7_blob(mycert,
> send_full_chain);
>
> This passes mycert to nss_pkcs7_blob. That routine unconditionally
> dereferences that argument.
>
Here's some more context:
if (impair.send_pkcs7_thingie) {
llog(RC_LOG, outpbs->outs_logger, "IMPAIR: sending cert as
PKCS7 blob");
SECItem *pkcs7 = nss_pkcs7_blob(mycert, send_full_chain);
if (!pexpect(pkcs7 != NULL)) {
return STF_INTERNAL_ERROR;
}
so yes, it could NPE but only after whack --impair send-pkcs7-thingie. I
added a passert().
> I don't know the right fix -- I don't understand the code.
>
> | From: scan-admin at coverity.com
> | Date: Fri, 07 May 2021 22:08:57 +0000 (UTC)
> | Subject: New Defects reported by Coverity Scan for antonyantony/libreswan
>
> | ** CID 1504631: Null pointer dereferences (FORWARD_NULL)
> |
> |
> |
> ________________________________________________________________________________________________________
> | *** CID 1504631: Null pointer dereferences (FORWARD_NULL)
> | /programs/pluto/x509.c: 1240 in ikev2_send_cert()
> | 1234 const struct cert *mycert = c->spd.this.cert.nss_cert !=
> NULL ? &c->spd.this.cert : NULL;
> | 1235 bool send_authcerts = c->send_ca != CA_SEND_NONE;
> | 1236 bool send_full_chain = send_authcerts && c->send_ca ==
> CA_SEND_ALL;
> | 1237
> | 1238 if (impair.send_pkcs7_thingie) {
> | 1239 llog(RC_LOG, outpbs->outs_logger, "IMPAIR: sending
> cert as PKCS7 blob");
> | >>> CID 1504631: Null pointer dereferences (FORWARD_NULL)
> | >>> Passing null pointer "mycert" to "nss_pkcs7_blob", which
> dereferences it.
> | 1240 SECItem *pkcs7 = nss_pkcs7_blob(mycert,
> send_full_chain);
> | 1241 if (!pexpect(pkcs7 != NULL)) {
> | 1242 return STF_INTERNAL_ERROR;
> | 1243 }
> | 1244 struct ikev2_cert pkcs7_hdr = {
> | 1245 .isac_critical =
> build_ikev2_critical(false, outpbs->outs_logger),
> |
> |
> |
> ________________________________________________________________________________________________________
> | To view the defects in Coverity Scan visit,
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYpPdq_2TvXW9olEOZQJUSgjFohZZ3vBgori70OQNQ3CwYJqcIDeI1iUgoVPFi7HHLu9-2FPedpNlH1Tpn4KtbY0nphVzP6bA8wuRjc0Joacc-2FEG7BNuQ2YIjtZ6iOn4G42XasEDdf2ZUzs3twzYUzB1gz2QWkibZaEKVE6zMX4zivDHP9q0HxWeR0lu8wKLq2gVLKtxFXFASlTr-2Fv1N-2BfFDgmoRsqA-3D-3D
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20210517/324ad29c/attachment.html>
More information about the Swan-dev
mailing list