From f140a8e5fdb2f3b9fbc3b32d1a844554008c2298 Mon Sep 17 00:00:00 2001

From: William Roberts <william.c.roberts@intel.com>

Date: Fri, 3 Jun 2022 11:51:02 -0500

Subject: [PATCH 20/23] esys_iutil: fix possible NPD

Clang-10 scan-build reports:

src/tss2-esys/esys_iutil.c:1366:56: warning: Dereference of null pointer

            auths->auths[auths->count].sessionHandle = session->rsrc.handle;

                                                       ^~~~~~~~~~~~~~~~~~~~

1 warning generated.

The code above the report checks that session might be NULL:

RSRC_NODE_T *session = esys_context->session_tab[session_idx];

    if (session != NULL) {

        IESYS_SESSION *rsrc_session = &session->rsrc.misc.rsrc_session;

        if (rsrc_session->type_policy_session == POLICY_PASSWORD) {

Thus suggesting/indicating session may be NULL in subsequent code where

session is dereferenced.

Signed-off-by: William Roberts <william.c.roberts@intel.com>

---

 src/tss2-esys/esys_iutil.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c

index 0cc92ca5..493f9b28 100644

--- a/src/tss2-esys/esys_iutil.c

+++ b/src/tss2-esys/esys_iutil.c

@@ -1339,7 +1339,7 @@ iesys_gen_auths(ESYS_CONTEXT * esys_context,

                                 && encryptNonceIdx > 0) ? encryptNonce : NULL,

                                &auths->auths[session_idx]);

         return_if_error(r, "Error while computing hmacs");

-        if (esys_context->session_tab[session_idx] != NULL) {

+        if (esys_context->session_tab[session_idx] != NULL && session != NULL) {

             auths->auths[auths->count].sessionHandle = session->rsrc.handle;

             auths->count++;

         }

-- 

2.34.3