missing BN_div() error check? #304
Comments
Thanks. Interestingly Coverity does not tell me that.
Resolves: #304 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check the return code of BN_div() when calculating Q and Qr. Resolves: #304 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check the return code of BN_div() when calculating Q and Qr of a private key. Resolves: #304 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
I'm surprised your Coverity didn't mention it; I'm no expert, but the "Calling foo without checking return value (as is done elsewhere N out of M times)" output feels like it's been around for years. I'm using cov-analysis-linux64-2021.9.0, slapped onto the side of an Ubuntu package build process; are you using the scan.coverity.com service, or a self-hosted version? Thanks
I am using their service and trigger the checks via a push to the coverity_scan branch, which triggers Travis to build for Coverity and submit the build to their service.
libtpms/src/tpm2/crypto/openssl/Helpers.c
Line 524 in bd42b67
Hello, Coverity has pointed out that BN_div() is called in InitOpenSSLRSAPrivateKey() without checking the return value for an error.
Thanks