From ca231b0da8dcd87af1597a26ea83f29be77e0e10 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 15 Apr 2014 13:58:05 +0200
Subject: several bug fixes due to coverity.

---
 lib/auth/cert.c           |  9 +++++----
 lib/ext/heartbeat.c       |  2 ++
 lib/gnutls_db.c           |  3 +--
 lib/gnutls_extensions.c   |  5 ++++-
 lib/gnutls_handshake.c    |  2 ++
 lib/gnutls_pk.c           |  7 ++++++-
 lib/gnutls_priority.c     | 12 ++++++------
 lib/gnutls_range.c        |  4 ----
 lib/gnutls_record.c       |  2 +-
 lib/gnutls_session_pack.c | 11 ++---------
 lib/gnutls_x509.c         |  2 +-
 lib/nettle/egd.c          |  3 +++
 lib/openpgp/pgp.c         | 10 +++++-----
 lib/openpgp/privkey.c     | 10 +++++-----
 lib/pkcs11.c              |  5 ++++-
 lib/tpm.c                 |  2 +-
 lib/verify-tofu.c         |  2 +-
 17 files changed, 49 insertions(+), 42 deletions(-)

diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 863f15f2e3..7f69810651 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -624,8 +624,7 @@ call_get_cert_callback(gnutls_session_t session,
 	}
 
 	_gnutls_selected_certs_set(session, local_certs,
-				   (local_certs != NULL) ? st2.ncerts : 0,
-				   local_key, 1);
+				   st2.ncerts, local_key, 1);
 
 	ret = 0;
 
@@ -1342,8 +1341,10 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session,
       cleanup:
 
 	_gnutls_free_datum(&akey);
-	gnutls_pcert_deinit(&peer_certificate_list[0]);
-	gnutls_free(peer_certificate_list);
+	if (peer_certificate_list != NULL) {
+		gnutls_pcert_deinit(&peer_certificate_list[0]);
+		gnutls_free(peer_certificate_list);
+	}
 	return ret;
 
 }
diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
index 70d3466d65..f34b89ba7f 100644
--- a/lib/ext/heartbeat.c
+++ b/lib/ext/heartbeat.c
@@ -197,6 +197,8 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
 		gettime(&session->internals.hb_ping_start);
 		session->internals.hb_local_data.length = data_size;
 		session->internals.hb_state = SHB_SEND2;
+
+		/* fallthrough */
 	case SHB_SEND2:
 		session->internals.hb_actual_retrans_timeout_ms =
 		    session->internals.hb_retrans_timeout_ms;
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index 4c5ea39aa3..034a012ada 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -236,8 +236,7 @@ int _gnutls_server_register_current_session(gnutls_session_t session)
 		return GNUTLS_E_INVALID_SESSION;
 	}
 
-	if (session->security_parameters.session_id == NULL
-	    || session->security_parameters.session_id_size == 0) {
+	if (session->security_parameters.session_id_size == 0) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_SESSION;
 	}
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index ef96a3e9ee..fd641f44bb 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -243,7 +243,10 @@ _gnutls_gen_extensions(gnutls_session_t session,
 	size_t i, init_size = extdata->length;
 
 	pos = extdata->length;	/* we will store length later on */
-	_gnutls_buffer_append_prefix(extdata, 16, 0);
+
+	ret = _gnutls_buffer_append_prefix(extdata, 16, 0);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
 
 	for (i = 0; i < extfunc_size; i++) {
 		extension_entry_st *p = &extfunc[i];
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index efec41e62f..febfee9176 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2908,6 +2908,7 @@ static int _gnutls_send_handshake_final(gnutls_session_t session, int init)
 			return ret;
 		}
 
+		/* fallthrough */
 	case STATE2:
 		/* send the finished message */
 		ret = _gnutls_send_finished(session, FAGAIN(STATE2));
@@ -2999,6 +3000,7 @@ static int _gnutls_recv_handshake_final(gnutls_session_t session, int init)
 			return ret;
 		}
 
+		/* fallthrough */
 	case STATE31:
 		FINAL_STATE = STATE31;
 
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 07fa28f186..1d4111b822 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -286,7 +286,12 @@ encode_ber_digest_info(const mac_entry_st * e,
 	}
 
 	tmp_output_size = 0;
-	asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL);
+	result = asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL);
+	if (result != ASN1_MEM_ERROR) {
+		gnutls_assert();
+		asn1_delete_structure(&dinfo);
+		return _gnutls_asn2err(result);
+	}
 
 	tmp_output = gnutls_malloc(tmp_output_size);
 	if (tmp_output == NULL) {
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index a538a58147..d42da8833e 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -191,13 +191,13 @@ gnutls_compression_set_priority(gnutls_session_t session, const int *list)
  **/
 int gnutls_protocol_set_priority(gnutls_session_t session, const int *list)
 {
-	_set_priority(&session->internals.priorities.protocol, list);
-
-	/* set the current version to the first in the chain.
-	 * This will be overridden later.
-	 */
-	if (list)
+	if (list) {
+		_set_priority(&session->internals.priorities.protocol, list);
+		/* set the current version to the first in the chain.
+		 * This will be overridden later.
+		 */
 		_gnutls_set_current_version(session, list[0]);
+	}
 
 	return 0;
 }
diff --git a/lib/gnutls_range.c b/lib/gnutls_range.c
index 853e54a7e0..aa83001b27 100644
--- a/lib/gnutls_range.c
+++ b/lib/gnutls_range.c
@@ -248,10 +248,6 @@ gnutls_record_send_range(gnutls_session_t session, const void *data,
 	if (ret == 0)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
-	if (ret == 0 && range->low != range->high)
-		/* Cannot use LH, but a range was given */
-		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
 	_gnutls_set_range(&cur_range, range->low, range->high);
 
 	_gnutls_record_log
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index e1b7f57bab..d6e2098b95 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -304,7 +304,7 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
 			gnutls_assert();
 			return ret;
 		}
-
+		/* fallthrough */
 	case STATE61:
 		ret =
 		    gnutls_alert_send(session, GNUTLS_AL_WARNING,
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index 0fb11eeb2e..27fba085ef 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -598,15 +598,8 @@ pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
 	if (info == NULL)
 		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
-	if (info->username)
-		username_len = strlen(info->username) + 1;	/* include the terminating null */
-	else
-		username_len = 0;
-
-	if (info->hint)
-		hint_len = strlen(info->hint) + 1;	/* include the terminating null */
-	else
-		hint_len = 0;
+	username_len = strlen(info->username) + 1;	/* include the terminating null */
+	hint_len = strlen(info->hint) + 1;	/* include the terminating null */
 
 	size_offset = ps->length;
 	BUFFER_APPEND_NUM(ps, 0);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 685b588e0e..90ee425162 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1773,7 +1773,7 @@ gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
 	return ret;
 
       cleanup:
-	for (j = 0; j < i; i++)
+	for (j = 0; j < i; j++)
 		gnutls_x509_crt_deinit(new_list[j]);
 
 	return ret;
diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c
index 0c8bcbb3f5..da02d238f3 100644
--- a/lib/nettle/egd.c
+++ b/lib/nettle/egd.c
@@ -196,6 +196,9 @@ int _rndegd_read(int *fd, void *_output, size_t _length)
 	if (*fd == -1 || do_restart)
 		*fd = _rndegd_connect_socket();
 
+	if (*fd == -1)
+		return -1;
+
 	do_restart = 0;
 
 	nbytes = length < 255 ? length : 255;
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index a4112a516f..569cbc498a 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -1569,16 +1569,16 @@ int
 gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t key,
 					gnutls_openpgp_keyid_t keyid)
 {
-	if (!key->preferred_set)
-		return
-		    gnutls_assert_val
-		    (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
-
 	if (!key || !keyid) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
+	if (!key->preferred_set)
+		return
+		    gnutls_assert_val
+		    (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
 	memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
 
 	return 0;
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 58581128b4..760fe79675 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -1218,16 +1218,16 @@ int
 gnutls_openpgp_privkey_get_preferred_key_id(gnutls_openpgp_privkey_t key,
 					    gnutls_openpgp_keyid_t keyid)
 {
-	if (!key->preferred_set)
-		return
-		    gnutls_assert_val
-		    (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
-
 	if (!key || !keyid) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
+	if (!key->preferred_set)
+		return
+		    gnutls_assert_val
+		    (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
 	memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
 
 	return 0;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 225469df73..0fc3af875b 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2430,8 +2430,11 @@ find_objs(struct pkcs11_session_info *sinfo,
 			a[0].value = &class;
 			a[0].value_len = sizeof class;
 
-			pkcs11_get_attribute_value(sinfo->module,
+			rv = pkcs11_get_attribute_value(sinfo->module,
 						   sinfo->pks, obj, a, 1);
+			if (rv != CKR_OK) {
+				class = -1;
+			}
 		}
 
 		if (find_data->flags ==
diff --git a/lib/tpm.c b/lib/tpm.c
index 86b0047a9b..7ddfdfb295 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -808,7 +808,7 @@ static int decode_tpmkey_url(const char *url, struct tpmkey_url_st *s)
 		return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
 	}
 
-	if ((p = strstr(url, "storage=user")) != NULL)
+	if (strstr(url, "storage=user") != NULL)
 		s->storage = TSS_PS_TYPE_USER;
 	else
 		s->storage = TSS_PS_TYPE_SYSTEM;
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index 28b1090fd3..b79da81c40 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -375,7 +375,7 @@ static int raw_pubkey_to_base64(const gnutls_datum_t * raw,
 	char *out;
 
 	ret = base64_encode_alloc((void *) raw->data, raw->size, &out);
-	if (ret == 0)
+	if (ret == 0 || out == NULL)
 		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
 	b64->data = (void *) out;
-- 
cgit v1.2.1