Message ID | 13d29813-74cd-de04-5857-cda6ad5d44ad@chocky.org |
---|---|
State | Not Applicable |
Delegated to: | Petr Štetiar |
Headers | show |
Series | px5g-mbedtls (Was: px5g return value checking) | expand |
On Mon, Nov 7, 2022 at 7:19 AM Peter Naulls <peter@chocky.org> wrote: > > On 11/3/22 14:49, Peter Naulls wrote: > > > > Another one from our security scan: > > > > File: /usr/sbin/px5g > > Issue: RET NOT ASSIGNED in function 'FUN_000281b0' at address 0x281c0 while > > calling 'mbedtls_rsa_check_pub_priv' > > Issue: RET NOT ASSIGNED in function 'FUN_000285e8' at address 0x285f8 while > > calling 'mbedtls_ecp_check_pub_priv' > > > > The problem is in fact with px5g-mbedtls util, not the library: Upstream marks a bunch of stuff with MBEDTLS_CHECK_RETURN_TYPICAL aka warn_unused_result. This function is not. Maybe upstream should also be fixed. AFAIK, clang-tidy will mark this function as nodiscard if this is a C++ project. > > > > --- a/px5g-mbedtls.c > +++ b/px5g-mbedtls.c > @@ -113,13 +113,13 @@ static void gen_key(mbedtls_pk_context *key, bool rsa, int > ksize, int exp, > mbedtls_pk_init(key); > if (rsa) { > fprintf(stderr, "Generating RSA private key, %i bit long > modulus\n", ksize); > - mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); > - if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, > ksize, exp)) > + if (!mbedtls_pk_setup(key, > mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) && > + !mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, > NULL, ksize, exp)) > return; > } else { > fprintf(stderr, "Generating EC private key\n"); > - mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); > - if (!mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), _urandom, > NULL)) > + if (!mbedtls_pk_setup(key, > mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) && > + !mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), > _urandom, NULL)) > return; > } > fprintf(stderr, "error: key generation failed\n"); > > > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
--- a/px5g-mbedtls.c +++ b/px5g-mbedtls.c @@ -113,13 +113,13 @@ static void gen_key(mbedtls_pk_context *key, bool rsa, int ksize, int exp, mbedtls_pk_init(key); if (rsa) { fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); - mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); - if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) + if (!mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) && + !mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) return; } else { fprintf(stderr, "Generating EC private key\n");