author | Ladar Levison <ladar@lavabit.com> | 2018-09-18 21:58:54 +0300 |
---|---|---|
committer | Ladar Levison <ladar@lavabit.com> | 2018-09-18 21:58:54 +0300 |
commit | b39574310262231ffef63b141df8a7d4844eab68 (patch) | |
tree | c039b1971a94dd0f6f58352f487b84f80600b886 | |
parent | 3f3915dede4b09316feacf0c7c24c313c1222fe7 (diff) |
Logic errors identified by static code analysis.
-rw-r--r-- | check/magma/core/bitwise_check.c | 4 | ||||
-rw-r--r-- | check/magma/prime/prime_check.c | 12 | ||||
-rw-r--r-- | check/magma/providers/provide_check.c | 64 | ||||
-rw-r--r-- | check/magma/providers/tank_check.c | 31 | ||||
-rw-r--r-- | check/magma/servers/camel/camel_check_network.c | 4 | ||||
-rw-r--r-- | src/core/host/ip.c | 2 | ||||
-rw-r--r-- | src/network/clients.c | 4 | ||||
-rw-r--r-- | src/providers/cryptography/ecies.c | 2 | ||||
-rw-r--r-- | src/providers/deprecated/ecies.c | 2 |
9 files changed, 63 insertions, 62 deletions
diff --git a/check/magma/core/bitwise_check.c b/check/magma/core/bitwise_check.c
index 8070bb19..3d2625ba 100644
--- a/check/magma/core/bitwise_check.c
+++ b/check/magma/core/bitwise_check.c
@@ -111,8 +111,8 @@ bool_t check_bitwise_determinism(void) {
 st_free(res2);
 if(!(res1 = st_not(a, NULL)) || !(res2 = st_not(a, NULL))) {
- st_free(res1);
- st_free(res2);
+ st_cleanup(res1);
+ st_cleanup(res2);
 return false;
 }
 else if(st_cmp_cs_eq(res1, res2)) {
diff --git a/check/magma/prime/prime_check.c b/check/magma/prime/prime_check.c
index b1b7b2df..a806709c 100644
--- a/check/magma/prime/prime_check.c
+++ b/check/magma/prime/prime_check.c
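Review bot: `res2` can still hold the pointer released by the `st_free(res2);` context line when the first `st_not()` call fails, because the `||` short-circuits and `res2` is never reassigned; the new `st_cleanup(res2);` would then release that stale pointer a second time. Unless `st_free` resets its argument (its definition is not visible here), add `res1 = res2 = NULL;` right after the preceding frees so the cleanup calls only ever see NULL or a live buffer. check_bitwise_determinism begins and ends outside this hunk, so the earlier frees should be checked there.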
@@ -12,22 +12,22 @@ START_TEST (check_stacie_s) {
 log_disable();
 bool_t result = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 if (status() && !(result = check_stacie_parameters())) {
- errmsg = NULLER("STACIE parameter checks failed.");
+ st_sprint(errmsg, "STACIE parameter checks failed.");
 }
 else if (status() && result && !(result = check_stacie_determinism())) {
- errmsg = NULLER("STACIE checks to ensure a deterministic outcome failed.");
+ st_sprint(errmsg, "STACIE checks to ensure a deterministic outcome failed.");
 }
 else if (status() && result && !(result = check_stacie_rounds())) {
- errmsg = NULLER("STACIE round calculation checks failed.");
+ st_sprint(errmsg, "STACIE round calculation checks failed.");
 }
 else if (status() && result && !(result = check_stacie_simple())) {
- errmsg = NULLER("STACIE failed to produce the expected result using the hard coded input values.");
+ st_sprint(errmsg, "STACIE failed to produce the expected result using the hard coded input values.");
 }
 else if (status() && result && !(result = check_stacie_bitflip())) {
- errmsg = NULLER("The STACIE encryption scheme failed to detect tampering of an encrypted buffer.");
+ st_sprint(errmsg, "The STACIE encryption scheme failed to detect tampering of an encrypted buffer.");
 }
 log_test("PRIME / STACIE / SINGLE THREADED:", errmsg);
diff --git a/check/magma/providers/provide_check.c b/check/magma/providers/provide_check.c
index 39e345ab..bf68f915 100644
--- a/check/magma/providers/provide_check.c
+++ b/check/magma/providers/provide_check.c
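Review bot: `errmsg` now reaches `log_test(...)` as a non-NULL buffer even when every check passes, where it used to be NULL on the success path. If `log_test`, or the assertion that follows this hunk, tells pass from fail by a NULL test rather than by an empty string, passing tests would be reported as failures; neither is visible in this diff, so that needs confirming. The same pattern is repeated in every `START_TEST` hunk of `check/magma/providers/provide_check.c`. A comment next to the declaration, such as `// errmsg stays empty unless a check fails`, would record the new contract.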
@@ -47,14 +47,14 @@ START_TEST (check_compress_lzo_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_compress_opt_t opts = {
 .engine = COMPRESS_ENGINE_LZO
 };
 if (!check_compress_sthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The single-threaded LZO compression test failed.");
+ st_sprint(errmsg, "The single-threaded LZO compression test failed.");
 }
 log_test("COMPRESSION / LZO / SINGLE THREADED:", errmsg);
@@ -66,14 +66,14 @@ START_TEST (check_compress_lzo_m) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_compress_opt_t opts = {
 .engine = COMPRESS_ENGINE_LZO
 };
 if (!check_compress_mthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The multi-threaded LZO compression test failed.");
+ st_sprint(errmsg, "The multi-threaded LZO compression test failed.");
 }
 log_test("COMPRESSION / LZO / MULTI THREADED:", errmsg);
@@ -85,14 +85,14 @@ START_TEST (check_compress_zlib_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_compress_opt_t opts = {
 .engine = COMPRESS_ENGINE_ZLIB
 };
 if (!check_compress_sthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The single-threaded ZLIB compression test failed.");
+ st_sprint(errmsg, "The single-threaded ZLIB compression test failed.");
 }
 log_test("COMPRESSION / ZLIB / SINGLE THREADED:", errmsg);
@@ -104,14 +104,14 @@ START_TEST (check_compress_zlib_m) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_compress_opt_t opts = {
 .engine = COMPRESS_ENGINE_ZLIB
 };
 if (!check_compress_mthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The multi-threaded ZLIB compression test failed.");
+ st_sprint(errmsg, "The multi-threaded ZLIB compression test failed.");
 }
 log_test("COMPRESSION / ZLIB / MULTI THREADED:", errmsg);
@@ -123,14 +123,14 @@ START_TEST (check_compress_bzip_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_compress_opt_t opts = {
 .engine = COMPRESS_ENGINE_BZIP
 };
 if (!check_compress_sthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The single-threaded BZIP compression test failed.");
+ st_sprint(errmsg, "The single-threaded BZIP compression test failed.");
 }
 log_test("COMPRESSION / BZIP / SINGLE THREADED:", errmsg);
@@ -142,14 +142,14 @@ START_TEST (check_compress_bzip_m) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_compress_opt_t opts = {
 .engine = COMPRESS_ENGINE_BZIP
 };
 if (!check_compress_mthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The multi-threaded BZIP compression test failed.");
+ st_sprint(errmsg, "The multi-threaded BZIP compression test failed.");
 }
 log_test("COMPRESSION / BZIP / MULTI THREADED:", errmsg);
@@ -162,14 +162,14 @@ START_TEST (check_tank_lzo_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_tank_opt_t opts = {
 .engine = TANK_COMPRESS_LZO
 };
 if (!check_tokyo_tank_sthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The single-threaded LZO storage tank test failed.");
+ st_sprint(errmsg, "The single-threaded LZO storage tank test failed.");
 }
 log_test("TANK / LZO / SINGLE THREADED:", errmsg);
@@ -182,14 +182,14 @@ START_TEST (check_tank_lzo_m) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_tank_opt_t opts = {
 .engine = TANK_COMPRESS_LZO
 };
 if (!check_tokyo_tank_mthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The multi-threaded LZO storage tank test failed.");
+ st_sprint(errmsg, "The multi-threaded LZO storage tank test failed.");
 }
 log_test("TANK / LZO / MULTI THREADED:", errmsg);
@@ -202,14 +202,14 @@ START_TEST (check_tank_zlib_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_tank_opt_t opts = {
 .engine = TANK_COMPRESS_ZLIB
 };
 if (!check_tokyo_tank_sthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The single-threaded ZLIB storage tank test failed.");
+ st_sprint(errmsg, "The single-threaded ZLIB storage tank test failed.");
 }
 log_test("TANK / ZLIB / SINGLE THREADED:", errmsg);
@@ -223,14 +223,14 @@ START_TEST (check_tank_zlib_m) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_tank_opt_t opts = {
 .engine = TANK_COMPRESS_ZLIB
 };
 if (!check_tokyo_tank_mthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The multi-threaded ZLIB storage tank test failed.");
+ st_sprint(errmsg, "The multi-threaded ZLIB storage tank test failed.");
 }
 log_test("TANK / ZLIB / MULTI THREADED:", errmsg);
@@ -243,14 +243,14 @@ START_TEST (check_tank_bzip_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_tank_opt_t opts = {
 .engine = TANK_COMPRESS_BZIP
 };
 if (!check_tokyo_tank_sthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The single-threaded BZIP storage tank test failed.");
+ st_sprint(errmsg, "The single-threaded BZIP storage tank test failed.");
 }
 log_test("TANK / BZIP / SINGLE THREADED:", errmsg);
@@ -263,14 +263,14 @@ START_TEST (check_tank_bzip_m) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 check_tank_opt_t opts = {
 .engine = TANK_COMPRESS_BZIP
 };
 if (!check_tokyo_tank_mthread(&opts)) {
 outcome = false;
- errmsg = NULLER("The multi-threaded BZIP storage tank test failed.");
+ st_sprint(errmsg, "The multi-threaded BZIP storage tank test failed.");
 }
 log_test("TANK / BZIP / MULTI THREADED:", errmsg);
@@ -285,11 +285,11 @@ START_TEST (check_ecies_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 if (!check_ecies_sthread()) {
 outcome = false;
- errmsg = NULLER("The ECIES test failed.");
+ st_sprint(errmsg, "The ECIES test failed.");
 }
 log_test("CRYPTOGRAPHY / ECIES / SINGLE THREADED:", errmsg);
@@ -394,11 +394,11 @@ START_TEST (check_scramble_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 if (!check_scramble_sthread()) {
 outcome = false;
- errmsg = NULLER("Failed to check scrable single-threaded.");
+ st_sprint(errmsg, "Failed to check scrable single-threaded.");
 }
 log_test("CRYPTOGRAPHY / SCRAMBLE / SINGLE THREADED:", errmsg);
@@ -516,11 +516,11 @@ START_TEST (check_dspam_mail_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 if (status() && !check_dspam_mail_sthread()) {
 outcome = false;
- errmsg = NULLER("The check_dspam_mail_s test failed");
+ st_sprint(errmsg, "The check_dspam_mail_s test failed");
 }
 log_test("CHECKERS / DSPAM / MAIL / SINGLE THREADED:", errmsg);
@@ -532,11 +532,11 @@ START_TEST (check_dspam_bin_s) {
 log_disable();
 bool_t outcome = true;
- stringer_t *errmsg = NULL;
+ stringer_t *errmsg = MANAGEDBUF(1024);
 if (status() && !check_dspam_binary_sthread()) {
 outcome = false;
- errmsg = NULLER("check_dspam_bin_s failed");
+ st_sprint(errmsg, "check_dspam_bin_s failed");
 }
 log_test("CHECKERS / DSPAM / BINARY / SINGLE THREADED:", errmsg);
diff --git a/check/magma/providers/tank_check.c b/check/magma/providers/tank_check.c
index 5afad36c..b51967b2 100644
--- a/check/magma/providers/tank_check.c
+++ b/check/magma/providers/tank_check.c
@@ -136,21 +136,22 @@ bool_t check_tokyo_tank_load(inx_t *check_collection, check_tank_opt_t *opts) {
 log_unit("Allocating check_tank_obj_t failed. { message = %i }", i);
 outcome = false;
 }
-
- obj->adler32 = hash_adler32(st_char_get(data), st_length_int(data));
- obj->fletcher32 = hash_fletcher32(st_char_get(data), st_length_int(data));
- obj->crc32 = crc32_checksum(st_char_get(data), st_length_int(data));
- obj->crc64 = crc64_checksum(st_char_get(data), st_length_int(data));
- obj->murmur32 = hash_murmur32(st_char_get(data), st_length_int(data));
- obj->murmur64 = hash_murmur64(st_char_get(data), st_length_int(data));
-
- // Request the next storage tank.
- obj->tnum = tank_cycle();
-
- // Try storing the file data.
- if (!(obj->onum = tank_store(TANK_CHECK_DATA_HNUM, obj->tnum, TANK_CHECK_DATA_UNUM, data, opts->engine))) {
- log_unit("The tank_store function failed. { message = %i }", i);
- outcome = false;
+ else {
+ obj->adler32 = hash_adler32(st_char_get(data), st_length_int(data));
+ obj->fletcher32 = hash_fletcher32(st_char_get(data), st_length_int(data));
+ obj->crc32 = crc32_checksum(st_char_get(data), st_length_int(data));
+ obj->crc64 = crc64_checksum(st_char_get(data), st_length_int(data));
+ obj->murmur32 = hash_murmur32(st_char_get(data), st_length_int(data));
+ obj->murmur64 = hash_murmur64(st_char_get(data), st_length_int(data));
+
+ // Request the next storage tank.
+ obj->tnum = tank_cycle();
+
+ // Try storing the file data.
+ if (!(obj->onum = tank_store(TANK_CHECK_DATA_HNUM, obj->tnum, TANK_CHECK_DATA_UNUM, data, opts->engine))) {
+ log_unit("The tank_store function failed. { message = %i }", i);
+ outcome = false;
+ }
 }
 st_cleanup(data);
diff --git a/check/magma/servers/camel/camel_check_network.c b/check/magma/servers/camel/camel_check_network.c
index 75170632..93f811b8 100644
--- a/check/magma/servers/camel/camel_check_network.c
+++ b/check/magma/servers/camel/camel_check_network.c
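Review bot: The NULL guard covers only the statements moved into the new `else`, so any use of `obj` after `st_cleanup(data);` still runs with a NULL `obj` when the allocation fails, and with `obj->onum` equal to 0 when `tank_store` fails. The rest of check_tokyo_tank_load is outside this hunk, so whether the loop tests `outcome` before touching `obj` again (for instance when adding it to `check_collection`) has to be checked there. If it does not, the failure branches should leave the iteration explicitly, and a comment such as `// obj is NULL here; nothing below may dereference it` on the allocation-failure branch would make the invariant visible.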
@@ -68,7 +68,7 @@ stringer_t * check_camel_print(stringer_t *command, stringer_t *cookie, bool_t s
 // Submit the command and check the status of the response.
 if (!(client = check_camel_connect(secure)) || !check_camel_json_write(client, command, cookie, secure) ||
- (length = check_http_content_length_get(client)) < 0 || !(json = check_camel_json_read(client, length))) {
+ (length = check_http_content_length_get(client)) <= 0 || !(json = check_camel_json_read(client, length))) {
 client_close(client);
 return false;
@@ -1772,7 +1772,7 @@ bool_t check_camel_basic_sthread(bool_t secure, stringer_t *errmsg) {
 for (size_t i = 0; !contains_entries[0] && i < json_array_size_d(json_objs[1]); i++) {
 json_objs[2] = json_array_get_d(json_objs[1], i);
- if (json_unpack_d(json_objs[2], "{s:i}", "alertID", &alert_ids[1]) == 0 && alert_ids[0] == alert_ids[0]) {
+ if (json_unpack_d(json_objs[2], "{s:i}", "alertID", &alert_ids[1]) == 0 && alert_ids[1] == alert_ids[0]) {
 contains_entries[0] = true;
 }
diff --git a/src/core/host/ip.c b/src/core/host/ip.c
index 89ceef5c..fb09ad32 100644
--- a/src/core/host/ip.c
+++ b/src/core/host/ip.c
@@ -19,7 +19,7 @@ int_t ip_family(ip_t *address) {
 int_t result = -1;
 // Valid structures, with what appear to be invalid address families result in AF_UNSPEC.
- if (address && (address->family < AF_UNSPEC || address->family >= AF_MAX)) {
+ if (address && (address->family <= AF_UNSPEC || address->family >= AF_MAX)) {
 result = AF_UNSPEC;
 }
 else if (address) {
diff --git a/src/network/clients.c b/src/network/clients.c
index 97eea9ab..c2e73928 100644
--- a/src/network/clients.c
+++ b/src/network/clients.c
@@ -29,7 +29,7 @@ int_t client_status(client_t *client) {
 result = client->status;
 }
 // We return -1 if the status is already negative, or connection is otherwise invalid.
- else {
+ else if (client) {
 result = client->status = -1;
 }
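Review bot: In the check_camel_print hunk, `(length = check_http_content_length_get(client)) <= 0` rejects an error return only if `length` is a signed type, and its declaration is outside the hunk. If it is `size_t`, a -1 from the getter becomes a very large value that passes the test and is handed to `check_camel_json_read(client, length)` as the number of bytes to read. Confirm the type, or test the getter's result in a signed temporary before assigning it. Separately, the function returns `stringer_t *`, so the failure path should read `return NULL;` rather than `return false;`.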
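Review bot: In the client_status hunk, a NULL `client` no longer matches any branch after `else if (client)`, so the function returns whatever `result` was initialised to, and that declaration is outside the hunk. The comment above the branch promises -1 for an invalid connection, so the initialiser should be confirmed as `int_t result = -1;`. The comment could then say so directly: `// A NULL client falls through and returns the initial -1.`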
@@ -142,7 +142,7 @@ client_t * client_connect(chr_t *host, uint32_t port) {
 if (ret) {
 log_pedantic("We were unable to connect with the host %s:%u. { connect = %i / errno = %s }", host, port, ret, strerror_r(errno, MEMORYBUF(1024), 1024));
- close(sd);
+// close(sd);
 return NULL;
 }
diff --git a/src/providers/cryptography/ecies.c b/src/providers/cryptography/ecies.c
index 485f9b44..5e5b6b88 100644
--- a/src/providers/cryptography/ecies.c
+++ b/src/providers/cryptography/ecies.c
@@ -413,7 +413,7 @@ cryptex_t * deprecated_ecies_encrypt(stringer_t *key, ECIES_KEY_TYPE key_type, u
 EVP_CIPHER_CTX cipher;
 unsigned int mac_length;
 EC_KEY *user, *ephemeral;
- size_t envelope_length, block_length, key_length, hexkey_length;
+ size_t envelope_length = 0, block_length = 0, key_length = 0, hexkey_length = 0;
 uchr_t *kbuf;
 unsigned char envelope_key[SHA512_DIGEST_LENGTH], iv[EVP_MAX_IV_LENGTH], block[EVP_MAX_BLOCK_LENGTH];
diff --git a/src/providers/deprecated/ecies.c b/src/providers/deprecated/ecies.c
index 43217c42..075e349c 100644
--- a/src/providers/deprecated/ecies.c
+++ b/src/providers/deprecated/ecies.c
@@ -414,7 +414,7 @@ cryptex_t * ecies_encrypt(stringer_t *key, ECIES_KEY_TYPE key_type, unsigned cha
 EVP_CIPHER_CTX cipher;
 unsigned int mac_length;
 EC_KEY *user, *ephemeral;
- size_t envelope_length, block_length, key_length, hexkey_length;
+ size_t envelope_length = 0, block_length = 0, key_length = 0, hexkey_length = 0;
 uchr_t *kbuf;
 unsigned char envelope_key[SHA512_DIGEST_LENGTH], iv[EVP_MAX_IV_LENGTH], block[EVP_MAX_BLOCK_LENGTH]; |
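Review bot: Commenting out `close(sd);` in client_connect means the failed-connect path returns NULL without releasing the socket descriptor, unless `sd` is already closed earlier on this path in code outside the hunk. If it is not, every failed outbound connection leaks one descriptor, and a peer that keeps refusing connections can push the process toward descriptor exhaustion. If the analyzer reported a double close, the redundant call should be deleted and the reason recorded, e.g. `// sd was already closed above by <the call that closes it>`, rather than left as dead code. Otherwise `close(sd);` should be restored.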
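Review bot: Zero-initialising `envelope_length`, `block_length`, `key_length` and `hexkey_length` in deprecated_ecies_encrypt quiets the analyzer but does not identify the path that read them before assignment. If such a path exists it now continues with a length of 0 instead of failing, which in an encryption routine can produce an empty or truncated buffer without any error. The function body is outside the hunk, so the reported path should be found there and made to return NULL, with each length assigned where it is computed. The identical change to `ecies_encrypt` in `src/providers/deprecated/ecies.c` raises the same question.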