From 81a69d10e9ab2d3e668b99663405f9a1744de3b6 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Mon, 8 Nov 2021 09:27:59 +0000 Subject: [PATCH] jit-trust: show coverity we handle NULL attribute source Coverity doesn't understand that since we already handled akid.keyIdentifier.MBEDTLS_PRIVATE(len) being zero, we don't need to check for akid.keyIdentifier.MBEDTLS_PRIVATE(p) being NULL. So explicitly check it, even though it is a NOP. --- lib/tls/mbedtls/mbedtls-x509.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/tls/mbedtls/mbedtls-x509.c b/lib/tls/mbedtls/mbedtls-x509.c index e20e07fc1..b6d944d35 100644 --- a/lib/tls/mbedtls/mbedtls-x509.c +++ b/lib/tls/mbedtls/mbedtls-x509.c @@ -202,7 +202,8 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING) return 1; buf->ns.len = (int)akid.keyIdentifier.MBEDTLS_PRIVATE(len); - if (len < (size_t)buf->ns.len) + if (!akid.keyIdentifier.MBEDTLS_PRIVATE(p) || + len < (size_t)buf->ns.len) return -1; memcpy(buf->ns.name, akid.keyIdentifier.MBEDTLS_PRIVATE(p), (size_t)buf->ns.len); break; @@ -224,6 +225,7 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, while (ip) { if (akid.keyIdentifier.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING || + !ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(p) || ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) < 9 || len < (size_t)ip->MBEDTLS_PRIVATE(buf).MBEDTLS_PRIVATE(len) - 9u) break; @@ -246,7 +248,8 @@ lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, if (akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(tag) != MBEDTLS_ASN1_OCTET_STRING) return 1; buf->ns.len = (int)akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(len); - if (len < (size_t)buf->ns.len) + if (!akid.authorityCertSerialNumber.MBEDTLS_PRIVATE(p) || + len < (size_t)buf->ns.len) return -1; memcpy(buf->ns.name, akid.authorityCertSerialNumber. MBEDTLS_PRIVATE(p), (size_t)buf->ns.len);