Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1429776 - Various coverity issues on TLS 1.3 branch, r=ekr
--HG--
extra : amend_source : 56afd02dd34895963ecf02385b316280d04127b1
  • Loading branch information
martinthomson committed Nov 26, 2017
1 parent 33b114e commit 5a4255c
Show file tree
Hide file tree
Showing 7 changed files with 16 additions and 8 deletions.
2 changes: 1 addition & 1 deletion gtests/ssl_gtest/ssl_custext_unittest.cc
Expand Up @@ -77,7 +77,7 @@ void InstallManyWriters(std::shared_ptr<TlsAgent> agent,
SSLExtensionWriter writer, size_t *installed = nullptr,
size_t *called = nullptr) {
for (size_t i = 0; i < PR_ARRAY_SIZE(kManyExtensions); ++i) {
SSLExtensionSupport support;
SSLExtensionSupport support = ssl_ext_none;
SECStatus rv = SSL_GetExtensionSupport(kManyExtensions[i], &support);
ASSERT_EQ(SECSuccess, rv) << "SSL_GetExtensionSupport cannot fail";

Expand Down
3 changes: 3 additions & 0 deletions gtests/ssl_gtest/ssl_drop_unittest.cc
Expand Up @@ -352,6 +352,9 @@ TEST_F(TlsDropDatagram13, DropSecondHalfOfServerCertificate) {
// overlapping message ranges are handled properly; and that extra
// retransmissions are handled properly.
class TlsFragmentationAndRecoveryTest : public TlsDropDatagram13 {
public:
TlsFragmentationAndRecoveryTest() : cert_len_(0) {}

protected:
void RunTest(size_t dropped_half) {
FirstFlightDropCertificate();
Expand Down
2 changes: 1 addition & 1 deletion lib/ssl/dtls13con.c
Expand Up @@ -78,7 +78,7 @@ dtls13_RememberFragment(sslSocket *ss,
SECStatus
dtls13_SendAck(sslSocket *ss)
{
sslBuffer buf = { NULL, 0, 0 };
sslBuffer buf = SSL_BUFFER_EMPTY;
SECStatus rv = SECSuccess;
PRCList *cursor;
PRInt32 sent;
Expand Down
2 changes: 1 addition & 1 deletion lib/ssl/ssl3ext.c
Expand Up @@ -619,7 +619,7 @@ static SECStatus
ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf,
SSLHandshakeType message)
{
sslBuffer tail = { NULL, 0, 0 };
sslBuffer tail = SSL_BUFFER_EMPTY;
SECStatus rv;
PRCList *cursor;

Expand Down
2 changes: 1 addition & 1 deletion lib/ssl/ssl3exthandle.c
Expand Up @@ -665,7 +665,7 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
PK11SymKey *secret, SECItem *ticket_data)
{
SECStatus rv;
sslBuffer plaintext = { NULL, 0, 0 };
sslBuffer plaintext = SSL_BUFFER_EMPTY;
SECItem ticket_buf = { 0, NULL, 0 };
sslSessionID sid;
unsigned char wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
Expand Down
3 changes: 2 additions & 1 deletion lib/ssl/sslspec.c
Expand Up @@ -252,7 +252,8 @@ void
ssl_DestroyCipherSpecs(PRCList *list)
{
while (!PR_CLIST_IS_EMPTY(list)) {
ssl_FreeCipherSpec((ssl3CipherSpec *)PR_LIST_TAIL(list));
ssl3CipherSpec *spec = (ssl3CipherSpec *)PR_LIST_TAIL(list);
ssl_FreeCipherSpec(spec);
}
}

Expand Down
10 changes: 7 additions & 3 deletions lib/ssl/tls13con.c
Expand Up @@ -3075,7 +3075,7 @@ tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
/* We use the epoch for cipher suite identification, so increment
* it in both TLS and DTLS. */
if ((*specp)->epoch == PR_UINT16_MAX) {
return SECFailure;
goto loser;
}
spec->epoch = (PRUint16)type;
spec->seqNum = 0;
Expand All @@ -3086,12 +3086,12 @@ tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
/* This depends on spec having a valid direction and epoch. */
rv = tls13_SetupPendingCipherSpec(ss, spec);
if (rv != SECSuccess) {
return SECFailure;
goto loser;
}

rv = tls13_DeriveTrafficKeys(ss, spec, type, deleteSecret);
if (rv != SECSuccess) {
return SECFailure;
goto loser;
}

/* Now that we've set almost everything up, finally cut over. */
Expand All @@ -3109,6 +3109,10 @@ tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
direction == CipherSpecWrite, spec);
}
return SECSuccess;

loser:
ssl_CipherSpecRelease(spec);
return SECFailure;
}

SECStatus
Expand Down

0 comments on commit 5a4255c

Please sign in to comment.