<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 8 May 2021 at 23:14, D. Hugh Redelmeier <<a href="mailto:hugh@mimosa.com">hugh@mimosa.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">This report appears accurate.<br>
<br>
| 1234          const struct cert *mycert = c->spd.this.cert.nss_cert != NULL ? &c->spd.this.cert : NULL;<br>
<br>
It sure looks as if this can leave mycert == NULL.<br>
<br>
| 1240                  SECItem *pkcs7 = nss_pkcs7_blob(mycert, send_full_chain);<br>
<br>
This passes mycert to nss_pkcs7_blob.  That routine unconditionally<br>
dereferences that argument.<br></blockquote><div><br></div><div>Here's some more context:</div><div><br></div><div>        if (impair.send_pkcs7_thingie) {<br>                llog(RC_LOG, outpbs->outs_logger, "IMPAIR: sending cert as PKCS7 blob");<br>                SECItem *pkcs7 = nss_pkcs7_blob(mycert, send_full_chain);<br>                if (!pexpect(pkcs7 != NULL)) {<br>                        return STF_INTERNAL_ERROR;<br>                }<br></div><div> </div><div>so yes, it could NPE but only after whack --impair send-pkcs7-thingie.  I added a passert().</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I don't know the right fix -- I don't understand the code.<br>
<br>
| From: <a href="mailto:scan-admin@coverity.com" target="_blank">scan-admin@coverity.com</a><br>
| Date: Fri, 07 May 2021 22:08:57 +0000 (UTC)<br>
| Subject: New Defects reported by Coverity Scan for antonyantony/libreswan<br>
<br>
| ** CID 1504631:  Null pointer dereferences  (FORWARD_NULL)<br>
| <br>
| <br>
| ________________________________________________________________________________________________________<br>
| *** CID 1504631:  Null pointer dereferences  (FORWARD_NULL)<br>
| /programs/pluto/x509.c: 1240 in ikev2_send_cert()<br>
| 1234          const struct cert *mycert = c->spd.this.cert.nss_cert != NULL ? &c->spd.this.cert : NULL;<br>
| 1235          bool send_authcerts = c->send_ca != CA_SEND_NONE;<br>
| 1236          bool send_full_chain = send_authcerts && c->send_ca == CA_SEND_ALL;<br>
| 1237     <br>
| 1238          if (impair.send_pkcs7_thingie) {<br>
| 1239                  llog(RC_LOG, outpbs->outs_logger, "IMPAIR: sending cert as PKCS7 blob");<br>
| >>>     CID 1504631:  Null pointer dereferences  (FORWARD_NULL)<br>
| >>>     Passing null pointer "mycert" to "nss_pkcs7_blob", which dereferences it.<br>
| 1240                  SECItem *pkcs7 = nss_pkcs7_blob(mycert, send_full_chain);<br>
| 1241                  if (!pexpect(pkcs7 != NULL)) {<br>
| 1242                          return STF_INTERNAL_ERROR;<br>
| 1243                  }<br>
| 1244                  struct ikev2_cert pkcs7_hdr = {<br>
| 1245                          .isac_critical = build_ikev2_critical(false, outpbs->outs_logger),<br>
| <br>
| <br>
| ________________________________________________________________________________________________________<br>
| To view the defects in Coverity Scan visit, <a href="https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYpPdq_2TvXW9olEOZQJUSgjFohZZ3vBgori70OQNQ3CwYJqcIDeI1iUgoVPFi7HHLu9-2FPedpNlH1Tpn4KtbY0nphVzP6bA8wuRjc0Joacc-2FEG7BNuQ2YIjtZ6iOn4G42XasEDdf2ZUzs3twzYUzB1gz2QWkibZaEKVE6zMX4zivDHP9q0HxWeR0lu8wKLq2gVLKtxFXFASlTr-2Fv1N-2BfFDgmoRsqA-3D-3D" rel="noreferrer" target="_blank">https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq8aBKViEpsZ9KPFMeJd7kKMDjyzu82COVFw1h1aYx-2FtFrefiPxkohPqZgI7DsTRPR5L954NuJuE0J6c4ee-2B5kYpPdq_2TvXW9olEOZQJUSgjFohZZ3vBgori70OQNQ3CwYJqcIDeI1iUgoVPFi7HHLu9-2FPedpNlH1Tpn4KtbY0nphVzP6bA8wuRjc0Joacc-2FEG7BNuQ2YIjtZ6iOn4G42XasEDdf2ZUzs3twzYUzB1gz2QWkibZaEKVE6zMX4zivDHP9q0HxWeR0lu8wKLq2gVLKtxFXFASlTr-2Fv1N-2BfFDgmoRsqA-3D-3D</a><br>
_______________________________________________<br>
Swan-dev mailing list<br>
<a href="mailto:Swan-dev@lists.libreswan.org" target="_blank">Swan-dev@lists.libreswan.org</a><br>
<a href="https://lists.libreswan.org/mailman/listinfo/swan-dev" rel="noreferrer" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan-dev</a><br>
</blockquote></div></div>
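<div>An added example, not part of the original thread and not libreswan code: a minimal C model of the pattern Coverity flagged, with a passert()-style guard assumed to sit before the dereferencing call. The names struct end, blob_len, send_cert, signal_from_send_cert and the PASSERT macro are hypothetical stand-ins; the fork/waitpid helper assumes a POSIX system and shows a failed check ending the process with SIGABRT instead of reaching the dereference.</div>

```c
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins, not libreswan's real types or functions. */
struct cert { const char *nss_cert; };  /* NULL when no certificate is loaded */
struct end { struct cert cert; };

/* Stand-in for passert(): stop with abort() when the invariant does not hold. */
#define PASSERT(cond) do { if (!(cond)) abort(); } while (0)

/* Like the callee in the report, dereferences its argument unconditionally. */
static size_t blob_len(const struct cert *c)
{
	return strlen(c->nss_cert);
}

/* Same shape as the flagged lines: the ternary can leave mycert NULL. */
static size_t send_cert(const struct end *end, bool impair_pkcs7)
{
	const struct cert *mycert = end->cert.nss_cert != NULL ? &end->cert : NULL;
	if (impair_pkcs7) {
		PASSERT(mycert != NULL);  /* assumed placement: before the dereferencing call */
		return blob_len(mycert);
	}
	return 0;  /* the non-impaired path is outside what this example models */
}

/* Run send_cert() in a child; return its terminating signal, 0 if it exited. */
static int signal_from_send_cert(const struct end *end, bool impair_pkcs7)
{
	pid_t pid = fork();
	if (pid < 0) return -1;
	if (pid == 0) { (void)send_cert(end, impair_pkcs7); _exit(0); }
	int status = 0;
	if (waitpid(pid, &status, 0) < 0) return -1;
	return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
	struct end no_cert = { .cert = { .nss_cert = NULL } };  /* constructed input */
	return signal_from_send_cert(&no_cert, true) == SIGABRT ? 0 : 1;
}
```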