From 248d2252c234434d443e07f339eecad74aa77bdc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jun 2017 16:25:12 -0400
Subject: [PATCH 17/22] Fix some impossible logic.
Covscan says:
Error: CONSTANT_EXPRESSION_RESULT (CWE-398): [#def37]
libsmbios-2.3.3/src/libsmbios_c/smi/smi_password.c:201: impossible_and: The "and" condition "tmpret == 0 && tmpret == 2" can never be true because "tmpret" cannot be equal to two different values at the same time.
And it's right, that can't be correct.
I've re-written most of the function here - I think it's "correct", but
the behavior doesn't appear to be well defined, so it's hard to be sure.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/libsmbios_c/smi/smi_password.c | 46 +++++++++++++++++---------------------
1 file changed, 21 insertions(+), 25 deletions(-)
diff --git a/src/libsmbios_c/smi/smi_password.c b/src/libsmbios_c/smi/smi_password.c
index c24906aa2e2..b946b8d10af 100644
--- a/src/libsmbios_c/smi/smi_password.c
+++ b/src/libsmbios_c/smi/smi_password.c
@@ -177,43 +177,39 @@ out:
int dell_smi_password_verify(int which, const char *password)
{
- int retval = 2;
struct smi_password_properties p = {0,};
int tmpret = get_password_properties_2(which, &p);
- if (tmpret == 0 && p.installed != 0)
- // if function succeeded and password *not* installed, skip
- goto out;
- else if (tmpret == 0)
+
+ // if function succeeded and password *not* installed, skip
+ if (tmpret == 0 && p.installed != SMI_PASSWORD_INSTALLED)
+ return 2;
+
+ if (tmpret == 0)
{
- // else _2 function is valid, so use it.
tmpret = verify_password_2(which, password, p.maxlen, 0);
- retval = 1;
- if (tmpret==0) // correct, security key set
- goto out;
+ if (tmpret == SMI_PASSWORD_CORRECT) // correct, security key set
+ return 1;
- retval = 0; // incorrect password
- if (tmpret==2)
- goto out;
+ if (tmpret == SMI_PASSWORD_INCORRECT)
+ return 0;
}
-
tmpret = password_installed(which);
- if (tmpret == 0 && tmpret == 2)
- // function succeeded and password not installed
- goto out;
- else if (tmpret == 0)
+ // function succeeded and password not installed
+ if (!(tmpret == 0 || tmpret == 2))
+ return 2;
+
+ if (tmpret == 0)
{
tmpret = verify_password(which, password, 0);
- retval = 1;
- if (tmpret==0) // correct, security key set
- goto out;
- retval = 0; // incorrect password
- if (tmpret==2)
- goto out;
+ if (tmpret == SMI_PASSWORD_CORRECT) // correct, security key set
+ return 1;
+
+ if (tmpret == SMI_PASSWORD_INCORRECT)
+ return 0;
}
-out:
- return retval;
+ return 2;
}
int dell_smi_password_format(int which)
--
2.14.3