rpms / rng-tools

Clone
Source Code
GIT

Files

  1.   c40c82ed57fb42872e27b615f45828426f2e7c5a
  2.   0006-Fix-minor-possibilities-of-using-a-NULL-pointer.patch
Blob Blame History Raw 
From e4a94ad5d4ea8e5663f1e5d71669317b16105945 Mon Sep 17 00:00:00 2001
From: Vladis Dronov <vdronov@redhat.com>
Date: Sat, 12 Jun 2021 13:11:19 +0200
Subject: Fix minor possibilities of using a NULL pointer

Fix the following covscan warnings by performing a check for a NULL:

1) Add a check for NULL to message_entsrc macro:

Error: GCC_ANALYZER_WARNING (CWE-688):
rng-tools-6.12/rngd_rdrand.c: scope_hint: In function 'init_drng_entropy_source'
rng-tools-6.12/rngd.h:186:9: warning[-Wanalyzer-possible-null-argument]: use of
possibly-NULL '____buf' where non-null expected
/usr/include/stdio.h:334:12: note: argument 1 of 'sprintf' must be non-null
   184|   size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \
   185|   char *____buf = malloc(____neededpfx + ____neededmsg); \
   186|-> sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \

2) Move memset() in xread_tpm() to a proper place:

Error: NULL_RETURNS (CWE-476): [#def3]
rng-tools-6.12/rngd_entsource.c:96: returned_null: "malloc" returns "NULL"
(checked 89 out of 95 times).
rng-tools-6.12/rngd_entsource.c:96: var_assigned: Assigning: "temp_buf" =
"NULL" return value from "malloc".
rng-tools-6.12/rngd_entsource.c:97: dereference: Dereferencing a pointer
that might be "NULL" "temp_buf" when calling "memset".
    96|   temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
    97|-> memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
    98|   if (temp_buf == NULL) {

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 rngd.h           | 8 +++++---
 rngd_entsource.c | 3 ++-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/rngd.h b/rngd.h
index 6208b95..7d65f3c 100644
--- a/rngd.h
+++ b/rngd.h
@@ -184,9 +184,11 @@ extern bool quiet;
 	size_t ____neededpfx = snprintf(NULL, 0, "[%-6s]: ", src->rng_sname); \
 	size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \
 	char *____buf = malloc(____neededpfx + ____neededmsg); \
-	sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
-	message(priority, "%s", ____buf); \
-	free(____buf); \
+	if (____buf) { \
+		sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
+		message(priority, "%s", ____buf); \
+		free(____buf); \
+	} \
 } while (0)
 
 extern bool do_reseed;
diff --git a/rngd_entsource.c b/rngd_entsource.c
index e5b7d43..b7ebd15 100644
--- a/rngd_entsource.c
+++ b/rngd_entsource.c
@@ -94,12 +94,13 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src)
 	}
 
 	temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
-	memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
 	if (temp_buf == NULL) {
 		message_entsrc(ent_src,LOG_ERR|LOG_INFO,"No memory for TPM buffer\n");
 		close(ent_src->rng_fd);
 		return -1;
 	}
+	memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
+
 	/* 32 bits has been reserved for random byte size */
 	rng_cmd[13] = (unsigned char)(size & 0xFF);
 	rng_cmd[12] = (unsigned char)((size >> 8) & 0xFF);
-- 
2.26.3
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.