rpms / nss

Clone
Source Code
GIT

Blame SOURCES/nss-3.67-fix-coverity-issues.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   1e2796d4718eee5cb28284936233898b305e262d
  2.   SOURCES
  3.   nss-3.67-fix-coverity-issues.patch
Blob History Raw
1e2796 
diff -up ./lib/pk11wrap/pk11cxt.c.coverity ./lib/pk11wrap/pk11cxt.c
1e2796 
--- ./lib/pk11wrap/pk11cxt.c.coverity	2021-06-18 09:36:19.499203028 -0700
1e2796 
+++ ./lib/pk11wrap/pk11cxt.c	2021-06-18 09:37:57.993765299 -0700
1e2796 
@@ -382,7 +382,7 @@ pk11_CreateNewContextInSlot(CK_MECHANISM
1e2796 
      * of the connection.*/
1e2796 
     context->fortezzaHack = PR_FALSE;
1e2796 
     if (type == CKM_SKIPJACK_CBC64) {
1e2796 
-        if (symKey->origin == PK11_OriginFortezzaHack) {
1e2796 
+        if (symKey && (symKey->origin == PK11_OriginFortezzaHack)) {
1e2796 
             context->fortezzaHack = PR_TRUE;
1e2796 
         }
1e2796 
     }
1e2796 
diff -up ./lib/pk11wrap/pk11hpke.c.coverity ./lib/pk11wrap/pk11hpke.c
1e2796 
--- ./lib/pk11wrap/pk11hpke.c.coverity	2021-06-18 13:40:05.410644464 -0700
1e2796 
+++ ./lib/pk11wrap/pk11hpke.c	2021-06-18 13:42:40.627606469 -0700
1e2796 
@@ -1164,8 +1164,6 @@ PK11_HPKE_Seal(HpkeContext *cx, const SE
1e2796 
     unsigned char tagBuf[HASH_LENGTH_MAX];
1e2796 
     size_t tagLen;
1e2796 
     unsigned int fixedBits;
1e2796 
-    PORT_Assert(cx->baseNonce->len == sizeof(ivOut));
1e2796 
-    PORT_Memcpy(ivOut, cx->baseNonce->data, cx->baseNonce->len);
1e2796
1e2796 
     /* aad may be NULL, PT may be zero-length but not NULL. */
1e2796 
     if (!cx || !cx->aeadContext ||
1e2796 
@@ -1176,6 +1174,9 @@ PK11_HPKE_Seal(HpkeContext *cx, const SE
1e2796 
         return SECFailure;
1e2796 
     }
1e2796
1e2796 
+    PORT_Assert(cx->baseNonce->len == sizeof(ivOut));
1e2796 
+    PORT_Memcpy(ivOut, cx->baseNonce->data, cx->baseNonce->len);
1e2796 
+
1e2796 
     tagLen = cx->aeadParams->tagLen;
1e2796 
     maxOut = pt->len + tagLen;
1e2796 
     fixedBits = (cx->baseNonce->len - 8) * 8;
1e2796 
diff -up ./lib/softoken/sftkike.c.coverity ./lib/softoken/sftkike.c
1e2796 
--- ./lib/softoken/sftkike.c.coverity	2021-06-18 09:33:59.633405513 -0700
1e2796 
+++ ./lib/softoken/sftkike.c	2021-06-18 09:34:20.305523382 -0700
1e2796 
@@ -1411,7 +1411,6 @@ sftk_fips_IKE_PowerUpSelfTests(void)
1e2796 
         (outKeySize != sizeof(ike_known_sha256_prf_plus)) ||
1e2796 
         (PORT_Memcmp(outKeyData, ike_known_sha256_prf_plus,
1e2796 
                      sizeof(ike_known_sha256_prf_plus)) != 0)) {
1e2796 
-        PORT_ZFree(outKeyData, outKeySize);
1e2796 
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1e2796 
         return SECFailure;
1e2796 
     }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation