Skip to content

Fixes from CodeSonar report#8700

Merged
JacobBarthelmeh merged 1 commit intowolfSSL:masterfrom
embhorn:rel_fixes_cs
Apr 23, 2025
Merged

Fixes from CodeSonar report#8700
JacobBarthelmeh merged 1 commit intowolfSSL:masterfrom
embhorn:rel_fixes_cs

Conversation

@embhorn
Copy link
Member

@embhorn embhorn commented Apr 22, 2025

Description

class significance file line number procedure
Leak Reliability pk.c 16134 pem_write_data
Uninitialized Variable Security cpuid.c 62 cpuid_flag
Uninitialized Variable Security ssl.c 23000 wolfSSL_get0_alpn_selected
Uninitialized Variable Security cpuid.c 69 cpuid_flag
Uninitialized Variable Security cpuid.c 63 cpuid_flag
Uninitialized Variable Security cpuid.c 70 cpuid_flag
Uninitialized Variable Security cpuid.c 64 cpuid_flag
Uninitialized Variable Security ssl.c 1012 GetEchConfigsEx
Uninitialized Variable Security cpuid.c 71 cpuid_flag
Uninitialized Variable Security wc_port.c 960 wc_ReadDirClose
Use After Free Security x509.c 3351 ExternalFreeX509
Unreasonable Size Argument Security x509.c 3633 wolfSSL_X509_get_name_oneline
Unreasonable Size Argument Security rsa.c 4136 wc_RsaPSS_CheckPadding_ex2
Uninitialized Variable Security ssl_p7p12.c 1224 wolfSSL_SMIME_read_PKCS7
Unreasonable Size Argument Security x509.c 3653 wolfSSL_X509_get_name_oneline
Unreasonable Size Argument Security bio.c 740 wolfSSL_BIO_write
Unreasonable Size Argument Security bio.c 735 wolfSSL_BIO_write
Uninitialized Variable Security ed25519.c 1162 wc_ed25519_import_public_ex
Uninitialized Variable Security curve448.c 318 wc_curve448_import_public_ex
Overlapping Memory Regions Security evp.c 1062 wolfSSL_EVP_CipherUpdate
Unreasonable Size Argument Security bio.c 625 wolfSSL_BIO_MEMORY_write
Unreasonable Size Argument Security wolfio.c 1185 wolfIO_Send
Uninitialized Variable Security curve25519.c 106 curve25519_copy_point

Testing

CI + CodeSonar validation

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@embhorn embhorn self-assigned this Apr 22, 2025
@embhorn embhorn added the For This Release Release version 5.9.0 label Apr 22, 2025
Copilot AI reviewed Apr 22, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request implements several fixes identified by the CodeSonar report across cryptography and SSL/TLS-related modules. Key changes include improving memory initialization, replacing unsafe memory operations, and consistently nullifying pointers after freeing them to prevent use‑after‑free issues.

Reviewed Changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
wolfcrypt/src/wc_port.c Removed duplicate XMEMSET by conditionally initializing ctx.
wolfcrypt/src/rsa.c Introduced local variable “digSz” and enhanced hash digest error checking.
wolfcrypt/src/pkcs12.c Ensured variable “size” is explicitly initialized to zero.
wolfcrypt/src/evp.c Replaced XMEMCPY with XMEMMOVE to safely copy possibly overlapping buffers.
wolfcrypt/src/cpuid.c Fully initialized the “reg” array using XMEMSET instead of a single element assignment.
wolfcrypt/src/asn.c Added zero‐initialization of “pubKey” before key decoding functions.
src/x509_str.c Set pointers to NULL consistently after freeing to improve safety.
... (additional files) Similar pointer nullification and error checking improvements.
Comments suppressed due to low confidence (1)

wolfcrypt/src/rsa.c:4066

  • Introducing a dedicated 'digSz' variable along with an additional check (digSz < 0) improves the robustness of hash digest size verification. Ensure that wc_HashGetDigestSize can return negative values in error conditions.
int digSz;

@embhorn
Copy link
Member Author

embhorn commented Apr 22, 2025

Retest this please:

Build [PRB-generic-config-parser #8194](https://cloud.wolfssl-test.com/jenkins/job/PRB-generic-config-parser/8194/) completed: FAILURE
[Pipeline] }
[PRB-generic-config-parser #8194](https://cloud.wolfssl-test.com/jenkins/job/PRB-generic-config-parser/8194/) completed with status FAILURE (propagate: false to ignore)
org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: cb3caed5-95a8-4ac1-9ec5-5005f4d23333
Setting overall build result to FAILURE

Also:   org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 73b81ff9-f0d4-47b3-a569-8d59ba000dd9
Also:   	Also:   org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 2b26052c-650a-4055-9da2-62adb32cd374
org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for wolf-linux-cloud-node-l0r6zc; wolf-linux-cloud-node-l0r6zc was marked offline: Connection was broken

@JacobBarthelmeh JacobBarthelmeh merged commit c22505a into wolfSSL:master Apr 23, 2025
186 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JacobBarthelmeh JacobBarthelmeh JacobBarthelmeh approved these changes

Assignees

@embhorn embhorn

Labels

For This Release Release version 5.9.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@embhorn @JacobBarthelmeh