rpms / libsmbios

Clone
Source Code
GIT

Files

  1.   05c7637a53cff48b9f0959726bdc29105fa08391
  2.   SOURCES
  3.   0017-Fix-some-impossible-logic.patch
Blob Blame History Raw 
From 248d2252c234434d443e07f339eecad74aa77bdc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jun 2017 16:25:12 -0400
Subject: [PATCH 17/22] Fix some impossible logic.

Covscan says:
Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def37]
libsmbios-2.3.3/src/libsmbios_c/smi/smi_password.c:201: impossible_and: The "and" condition "tmpret == 0 && tmpret == 2" can never be true because "tmpret" cannot be equal to two different values at the same time.

And it's right, that can't be correct.

I've re-written most of the function here - I think it's "correct", but
the behavior doesn't appear to be well defined, so it's hard to be sure.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 src/libsmbios_c/smi/smi_password.c | 46 +++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 25 deletions(-)

diff --git a/src/libsmbios_c/smi/smi_password.c b/src/libsmbios_c/smi/smi_password.c
index c24906aa2e2..b946b8d10af 100644
--- a/src/libsmbios_c/smi/smi_password.c
+++ b/src/libsmbios_c/smi/smi_password.c
@@ -177,43 +177,39 @@ out:
 
 int dell_smi_password_verify(int which, const char *password)
 {
-    int retval = 2;
     struct smi_password_properties p = {0,};
     int tmpret = get_password_properties_2(which, &p);
-    if (tmpret == 0 && p.installed != 0)
-        // if function succeeded and password *not* installed, skip
-        goto out;
-    else if (tmpret == 0)
+
+    // if function succeeded and password *not* installed, skip
+    if (tmpret == 0 && p.installed != SMI_PASSWORD_INSTALLED)
+        return 2;
+
+    if (tmpret == 0)
     {
-        // else _2 function is valid, so use it.
         tmpret = verify_password_2(which, password, p.maxlen, 0);
-        retval = 1;
-        if (tmpret==0) // correct, security key set
-            goto out;
+        if (tmpret == SMI_PASSWORD_CORRECT) // correct, security key set
+            return 1;
 
-        retval = 0; // incorrect password
-        if (tmpret==2)
-            goto out;
+        if (tmpret == SMI_PASSWORD_INCORRECT)
+            return 0;
     }
 
-
     tmpret = password_installed(which);
-    if (tmpret == 0 && tmpret == 2)
-        // function succeeded and password not installed
-        goto out;
-    else if (tmpret == 0)
+    // function succeeded and password not installed
+    if (!(tmpret == 0 || tmpret == 2))
+        return 2;
+
+    if (tmpret == 0)
     {
         tmpret = verify_password(which, password, 0);
-        retval = 1;
-        if (tmpret==0) // correct, security key set
-            goto out;
-        retval = 0; // incorrect password
-        if (tmpret==2)
-            goto out;
+        if (tmpret == SMI_PASSWORD_CORRECT) // correct, security key set
+            return 1;
+
+        if (tmpret == SMI_PASSWORD_INCORRECT)
+            return 0;
     }
 
-out:
-    return retval;
+    return 2;
 }
 
 int dell_smi_password_format(int which)
-- 
2.14.3

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation