Re: missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-07-02 Thread Theo Buehler
On Sat, Jul 01, 2023 at 11:09:32PM +0200, Илья Шипицин wrote: > I ran analyzer, it shows old findings. am I missing something? or patches > were not yet applied I have only just committed the diff for d1_pkt.c, thanks for the reminder. I will look into the bio_ndef.c soon. As already mentioned, t

Re: missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-07-01 Thread Илья Шипицин
I ran analyzer, it shows old findings. am I missing something? or patches were not yet applied diff = diff -u -p a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -181,6 +181,8 @@ ndef_prefix(BIO *b, unsigned char **pbuf derlen = ASN

Re: missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-05-16 Thread Илья Шипицин
вт, 16 мая 2023 г. в 21:18, Theo Buehler : > > I tried to find "missing malloc null check" using the following > coccinelle > > script (easy to run from within CI) > > Cool, that's nice. We tend to be strict with error checking in new code, > but having such a sanity check certainly won't hurt. If

Re: missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-05-16 Thread Theo Buehler
> I tried to find "missing malloc null check" using the following coccinelle > script (easy to run from within CI) Cool, that's nice. We tend to be strict with error checking in new code, but having such a sanity check certainly won't hurt. If we only need to fix half a dozen functions, it might a

Re: missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-05-16 Thread Илья Шипицин
I'm totally fine with your approach. I tried to find "missing malloc null check" using the following coccinelle script (easy to run from within CI) malloc.cocci: // find calls to malloc @call@ expression ptr; position p; @@ ptr@p = malloc(...); // find ok calls to malloc @ok@ expression ptr; p

Re: missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-05-16 Thread Theo Buehler
On Sun, May 14, 2023 at 05:51:16PM +0200, Илья Шипицин wrote: > patch attached. Thank you. While we could add these malloc checks, I do not think it is enough. For example, derlen could be <= 0 after the first call and the second call to ASN1_item_ndef_i2d() is not guaranteed to succeed and to ret

missing malloc failure check at /src/lib/libcrypto/asn1/bio_ndef.c

2023-05-14 Thread Илья Шипицин
Hello, patch attached. Ilya From c996eebf03a4c5585d2c3045407c827de60c88d5 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 14 May 2023 17:45:36 +0200 Subject: [PATCH] LibreSSL: missing malloc failure check added found during LibreSSL code audit --- src/lib/libcrypto/asn1/bio_ndef.c | 4