From 4e8599886ba4802fef1683811a725e7c4bc4fe72 Mon Sep 17 00:00:00 2001 
From: "Richard W.M. Jones" Date: Tue, 12 Jul 2022 18:00:38 +0100 Subject: [PATCH] luks: Check return values from malloc more carefully Found by Coverity: Error: GCC_ANALYZER_WARNING (CWE-688): [#def53] nbdkit-1.30.7/filters/luks/luks-encryption.c: scope_hint: In function 'calculate_iv' nbdkit-1.30.7/filters/luks/luks-encryption.c:175:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'iv' where non-null expected nbdkit-1.30.7/filters/luks/luks-encryption.c:39: included_from: Included from here. /usr/include/string.h:43:14: note: argument 1 of 'memcpy' must be non-null # 173| sector32 = (uint32_t) sector; /* truncate to only lower bits */ # 174| sector32 = htole32 (sector32); # 175|-> memcpy (iv, &sector32, prefixlen); # 176| memset (iv + prefixlen, 0, ivlen - prefixlen); # 177| break; Error: GCC_ANALYZER_WARNING (CWE-688): [#def54] nbdkit-1.30.7/filters/luks/luks-encryption.c:184:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'iv' where non-null expected nbdkit-1.30.7/filters/luks/luks-encryption.c:39: included_from: Included from here. /usr/include/string.h:43:14: note: argument 1 of 'memcpy' must be non-null # 182| prefixlen = ivlen; # 183| sector = htole64 (sector); # 184|-> memcpy (iv, &sector, prefixlen); # 185| memset (iv + prefixlen, 0, ivlen - prefixlen); # 186| break; Error: NULL_RETURNS (CWE-476): [#def55] nbdkit-1.30.7/filters/luks/luks-encryption.c:498: returned_null: "malloc" returns "NULL" (checked 86 out of 94 times). nbdkit-1.30.7/filters/luks/luks-encryption.c:498: var_assigned: Assigning: "temp" = "NULL" return value from "malloc". nbdkit-1.30.7/filters/luks/luks-encryption.c:523: dereference: Dereferencing a pointer that might be "NULL" "temp" when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] 
# 521| gnutls_hash_deinit (hash, temp); # 522| # 523|-> memcpy (&block[i*digest_bytes], temp, blen); # 524| } # 525| Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c (cherry picked from commit 00c8bbd9e321681843140f697985505de7177f34) --- filters/luks/luks-encryption.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c index 8ee0eb35..19aaf06a 100644 --- a/filters/luks/luks-encryption.c +++ b/filters/luks/luks-encryption.c @@ -495,9 +495,15 @@ af_hash (gnutls_digest_algorithm_t hash_alg, uint8_t *block, size_t len) size_t digest_bytes = gnutls_hash_get_len (hash_alg); size_t nr_blocks, last_block_len; size_t i; - CLEANUP_FREE uint8_t *temp = malloc (digest_bytes); int r; gnutls_hash_hd_t hash; + CLEANUP_FREE uint8_t *temp; + + temp = malloc (digest_bytes); + if (!temp) { + nbdkit_error ("malloc: %m"); + return -1; + } nr_blocks = len / digest_bytes; last_block_len = len % digest_bytes; @@ -874,9 +880,15 @@ int do_decrypt (struct luks_data *h, gnutls_cipher_hd_t cipher, uint64_t sector, uint8_t *buf, size_t nr_sectors) { - const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode); - CLEANUP_FREE uint8_t *iv = malloc (ivlen); int r; + const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode); + CLEANUP_FREE uint8_t *iv; + + iv = malloc (ivlen); + if (!iv) { + nbdkit_error ("malloc: %m"); + return -1; + } while (nr_sectors) { calculate_iv (h->ivgen_alg, iv, ivlen, sector); 
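Review bot: `CLEANUP_FREE uint8_t *temp;` in af_hash is now declared without an initializer, and the do_decrypt and do_encrypt hunks repeat the pattern for `iv`. Assuming CLEANUP_FREE attaches a scope-exit free to the variable, the pointer is indeterminate until the assignment that follows, so an early return later inserted between the two would free a garbage address. Nothing returns in that gap today, but I would write `CLEANUP_FREE uint8_t *temp = NULL;` (and `CLEANUP_FREE uint8_t *iv = NULL;`), or keep the original `= malloc (...)` initializer and add only the NULL check after the declarations. The body of af_hash continues outside the hunk.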
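Review bot: The new `if (!iv)` check in do_decrypt treats every NULL from `malloc (ivlen)` as out-of-memory, but a zero-size request may also return NULL on some C libraries; the do_encrypt hunk has the same check. Whether `cipher_alg_iv_len` can return 0 for an accepted cipher and mode is not visible here; if it can, the call would fail with a misleading `malloc: %m` message. If it is guaranteed non-zero, a one-line comment saying where that is enforced would help; otherwise an explicit `if (ivlen == 0)` guard before the allocation makes the case distinct. The same question applies to `digest_bytes` in af_hash, where a zero value would also reach `len / digest_bytes`. The loop body of do_decrypt continues outside the hunk.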
@@ -902,9 +914,15 @@ int do_encrypt (struct luks_data *h, gnutls_cipher_hd_t cipher, uint64_t sector, uint8_t *buf, size_t nr_sectors) { - const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode); - CLEANUP_FREE uint8_t *iv = malloc (ivlen); int r; + const size_t ivlen = cipher_alg_iv_len (h->cipher_alg, h->cipher_mode); + CLEANUP_FREE uint8_t *iv; + + iv = malloc (ivlen); + if (!iv) { + nbdkit_error ("malloc: %m"); + return -1; + } while (nr_sectors) { calculate_iv (h->ivgen_alg, iv, ivlen, sector); -- 2.31.1