Coverity fixes #22211

Closed
wants to merge 3 commits into from
paulidale
Contributor

Fixing issues:

  • 1545174: calling risky function
  • 1545175: use after free
  • 1545176: dereference before NULL check

Remove the call to rand() and replace with an xor-shift RNG.
There are no security implications to worry about here.  This RNG is
used during testing only.
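
The kind of replacement the commit message describes, as an added example: this is not the code from the pull request or from OpenSSL. It is a minimal 32-bit xor-shift generator for test fixtures; the type and function names, the seed value and the zero-seed fallback constant are assumptions. Its output is fully determined by the seed, which suits reproducible tests and nothing that needs unpredictability.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical test-only generator; names are illustrative. */
typedef struct { uint32_t state; } test_xorshift32;

/* All-zero state is a fixed point of xorshift (output stays zero),
 * so a zero seed is replaced with an arbitrary non-zero constant. */
void test_xorshift32_seed(test_xorshift32 *g, uint32_t seed)
{
    g->state = seed != 0 ? seed : 0x9E3779B9u;
}

/* One step of Marsaglia's 32-bit xorshift, shift triple (13, 17, 5). */
uint32_t test_xorshift32_next(test_xorshift32 *g)
{
    uint32_t x = g->state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    g->state = x;
    return x;
}

/* Fill a buffer with reproducible bytes, low byte of each word first. */
void test_xorshift32_fill(test_xorshift32 *g, unsigned char *out, size_t len)
{
    size_t i = 0, j;
    while (i < len) {
        uint32_t r = test_xorshift32_next(g);
        for (j = 0; j < 4 && i < len; j++, i++)
            out[i] = (unsigned char)(r >> (8 * j));
    }
}

int main(void)
{
    test_xorshift32 g;
    unsigned char buf[6];
    size_t i;
    test_xorshift32_seed(&g, 1);   /* constructed seed for the demo */
    test_xorshift32_fill(&g, buf, sizeof(buf));
    for (i = 0; i < sizeof(buf); i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```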
@paulidale paulidale added branch: master Merge to master branch approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member triaged: bug The issue/pr is/fixes a bug branch: 3.1 Merge to openssl-3.1 tests: exempted The PR is exempt from requirements for testing labels Sep 28, 2023
@paulidale paulidale self-assigned this Sep 28, 2023
@github-actions github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Sep 28, 2023
@paulidale
Contributor Author

This needs to go to 3.1 after #22210

Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

LGTM

@tom-cosgrove-arm tom-cosgrove-arm removed the approval: review pending This pull request needs review by a committer label Sep 28, 2023
@t8m t8m added approval: done This pull request has the required number of approvals and removed approval: otc review pending This pull request needs review by an OTC member labels Sep 29, 2023
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Sep 30, 2023
@openssl-machine
Collaborator

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Oct 2, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #22211)
openssl-machine pushed a commit that referenced this pull request Oct 2, 2023
Remove the call to rand() and replace with an xor-shift RNG.
There are no security implications to worry about here.  This RNG is
used during testing only.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #22211)
openssl-machine pushed a commit that referenced this pull request Oct 2, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #22211)
@t8m
Member

t8m commented Oct 2, 2023

This seems to be merged now. Closing.

@t8m t8m closed this Oct 2, 2023
@t8m t8m reopened this Oct 2, 2023
@t8m
Member

t8m commented Oct 2, 2023

Actually still needs to be merged to 3.1 after the fips rng backport

@github-actions github-actions bot removed the severity: fips change The pull request changes FIPS provider sources label Oct 2, 2023
@paulidale
Contributor Author

Merged to 3.1

@paulidale paulidale closed this Oct 3, 2023
@paulidale paulidale deleted the rng-coverity branch October 3, 2023 08:04
openssl-machine pushed a commit that referenced this pull request Oct 3, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #22211)

(cherry picked from commit 1541083)
openssl-machine pushed a commit that referenced this pull request Oct 3, 2023
Remove the call to rand() and replace with an xor-shift RNG.
There are no security implications to worry about here.  This RNG is
used during testing only.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #22211)

(cherry picked from commit eaf0879)
openssl-machine pushed a commit that referenced this pull request Oct 3, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #22211)

(cherry picked from commit 6bd0794)
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Oct 9, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from openssl/openssl#22211)

Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Oct 9, 2023
Remove the call to rand() and replace with an xor-shift RNG.
There are no security implications to worry about here.  This RNG is
used during testing only.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from openssl/openssl#22211)

Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Oct 9, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from openssl/openssl#22211)

Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Oct 9, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from openssl/openssl#22211)

(cherry picked from commit 1541083)
Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Oct 9, 2023
Remove the call to rand() and replace with an xor-shift RNG.
There are no security implications to worry about here.  This RNG is
used during testing only.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from openssl/openssl#22211)

(cherry picked from commit eaf0879)
Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Oct 9, 2023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from openssl/openssl#22211)

(cherry picked from commit 6bd0794)
Signed-off-by: fly2x <fly2x@hitls.org>
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch branch: 3.1 Merge to openssl-3.1 tests: exempted The PR is exempt from requirements for testing triaged: bug The issue/pr is/fixes a bug
4 participants