Bug Summary

File:src/lib/libcrypto/asn1/a_object.c
Warning:line 257, column 15
Assigned value is garbage or undefined

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name a_object.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libcrypto/obj -resource-dir /usr/local/lib/clang/13.0.0 -D LIBRESSL_INTERNAL -D LIBRESSL_CRYPTO_INTERNAL -D DSO_DLFCN -D HAVE_DLFCN_H -D HAVE_FUNOPEN -D OPENSSL_NO_HW_PADLOCK -I /usr/src/lib/libcrypto -I /usr/src/lib/libcrypto/asn1 -I /usr/src/lib/libcrypto/bio -I /usr/src/lib/libcrypto/bn -I /usr/src/lib/libcrypto/bytestring -I /usr/src/lib/libcrypto/dh -I /usr/src/lib/libcrypto/dsa -I /usr/src/lib/libcrypto/ec -I /usr/src/lib/libcrypto/ecdh -I /usr/src/lib/libcrypto/ecdsa -I /usr/src/lib/libcrypto/evp -I /usr/src/lib/libcrypto/hmac -I /usr/src/lib/libcrypto/modes -I /usr/src/lib/libcrypto/ocsp -I /usr/src/lib/libcrypto/rsa -I /usr/src/lib/libcrypto/x509 -I /usr/src/lib/libcrypto/obj -D AES_ASM -D BSAES_ASM -D VPAES_ASM -D OPENSSL_IA32_SSE2 -D RSA_ASM -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_BN_ASM_GF2m -D MD5_ASM -D GHASH_ASM -D RC4_MD5_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D WHIRLPOOL_ASM -D OPENSSL_CPUID_OBJ -D PIC -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libcrypto/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/lib/libcrypto/asn1/a_object.c
1/* $OpenBSD: a_object.c,v 1.37 2022/01/07 11:13:54 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/asn1t.h>
65#include <openssl/bn.h>
66#include <openssl/err.h>
67#include <openssl/buffer.h>
68#include <openssl/objects.h>
69
70#include "asn1_locl.h"
71
72const ASN1_ITEM ASN1_OBJECT_it = {
73 .itype = ASN1_ITYPE_PRIMITIVE0x0,
74 .utype = V_ASN1_OBJECT6,
75 .sname = "ASN1_OBJECT",
76};
77
78ASN1_OBJECT *
79ASN1_OBJECT_new(void)
80{
81 ASN1_OBJECT *a;
82
83 if ((a = calloc(1, sizeof(ASN1_OBJECT))) == NULL((void*)0)) {
84 ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_object.c"
,84)
;
85 return (NULL((void*)0));
86 }
87 a->flags = ASN1_OBJECT_FLAG_DYNAMIC0x01;
88
89 return a;
90}
91
92void
93ASN1_OBJECT_free(ASN1_OBJECT *a)
94{
95 if (a == NULL((void*)0))
96 return;
97 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS0x04) {
98 free((void *)a->sn);
99 free((void *)a->ln);
100 a->sn = a->ln = NULL((void*)0);
101 }
102 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA0x08) {
103 freezero((void *)a->data, a->length);
104 a->data = NULL((void*)0);
105 a->length = 0;
106 }
107 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC0x01)
108 free(a);
109}
110
111ASN1_OBJECT *
112ASN1_OBJECT_create(int nid, unsigned char *data, int len,
113 const char *sn, const char *ln)
114{
115 ASN1_OBJECT o;
116
117 o.sn = sn;
118 o.ln = ln;
119 o.data = data;
120 o.nid = nid;
121 o.length = len;
122 o.flags = ASN1_OBJECT_FLAG_DYNAMIC0x01 | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS0x04 |
123 ASN1_OBJECT_FLAG_DYNAMIC_DATA0x08;
124 return (OBJ_dup(&o));
125}
126
127int
128i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
129{
130 unsigned char *p;
131 int objsize;
132
133 if ((a == NULL((void*)0)) || (a->data == NULL((void*)0)))
134 return (0);
135
136 objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT6);
137 if (pp == NULL((void*)0))
138 return objsize;
139
140 p = *pp;
141 ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT6, V_ASN1_UNIVERSAL0x00);
142 memcpy(p, a->data, a->length);
143 p += a->length;
144
145 *pp = p;
146 return (objsize);
147}
148
149int
150a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
151{
152 int i, first, len = 0, c, use_bn;
153 char ftmp[24], *tmp = ftmp;
154 int tmpsize = sizeof ftmp;
155 const char *p;
156 unsigned long l;
157 BIGNUM *bl = NULL((void*)0);
158
159 if (num == 0)
1
Assuming 'num' is not equal to 0
2
Taking false branch
160 return (0);
161 else if (num == -1)
3
Assuming the condition is false
4
Taking false branch
162 num = strlen(buf);
163
164 p = buf;
165 c = *(p++);
166 num--;
167 if ((c >= '0') && (c <= '2')) {
5
Assuming the condition is true
6
Assuming the condition is true
7
Taking true branch
168 first= c-'0';
169 } else {
170 ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE)ERR_put_error(13,(0xfff),(122),"/usr/src/lib/libcrypto/asn1/a_object.c"
,170)
;
171 goto err;
172 }
173
174 if (num <= 0) {
8
Assuming 'num' is > 0
9
Taking false branch
175 ASN1error(ASN1_R_MISSING_SECOND_NUMBER)ERR_put_error(13,(0xfff),(138),"/usr/src/lib/libcrypto/asn1/a_object.c"
,175)
;
176 goto err;
177 }
178 c = *(p++);
179 num--;
180 for (;;) {
10
Loop condition is true. Entering loop body
181 if (num <= 0)
11
Assuming 'num' is > 0
12
Taking false branch
182 break;
183 if ((c != '.') && (c != ' ')) {
13
Assuming the condition is false
184 ASN1error(ASN1_R_INVALID_SEPARATOR)ERR_put_error(13,(0xfff),(131),"/usr/src/lib/libcrypto/asn1/a_object.c"
,184)
;
185 goto err;
186 }
187 l = 0;
188 use_bn = 0;
189 for (;;) {
14
Loop condition is true. Entering loop body
24
Loop condition is true. Entering loop body
35
Loop condition is true. Entering loop body
54
Loop condition is true. Entering loop body
190 if (num
14.1
'num' is > 0
<= 0
)
15
Taking false branch
25
Assuming 'num' is > 0
26
Taking false branch
36
Assuming 'num' is > 0
37
Taking false branch
55
Assuming 'num' is <= 0
56
Taking true branch
191 break;
57
Execution continues on line 214
192 num--;
193 c = *(p++);
194 if ((c == ' ') || (c == '.'))
16
Assuming the condition is false
17
Assuming the condition is false
18
Taking false branch
27
Assuming the condition is false
28
Assuming the condition is false
29
Taking false branch
38
Assuming the condition is false
39
Assuming the condition is false
40
Taking false branch
195 break;
196 if ((c < '0') || (c > '9')) {
19
Assuming the condition is false
20
Assuming the condition is false
21
Taking false branch
30
Assuming the condition is false
31
Assuming the condition is false
32
Taking false branch
41
Assuming the condition is false
42
Assuming the condition is false
43
Taking false branch
197 ASN1error(ASN1_R_INVALID_DIGIT)ERR_put_error(13,(0xfff),(130),"/usr/src/lib/libcrypto/asn1/a_object.c"
,197)
;
198 goto err;
199 }
200 if (!use_bn
21.1
'use_bn' is 0
32.1
'use_bn' is 0
43.1
'use_bn' is 0
&& l >= ((ULONG_MAX(9223372036854775807L *2UL+1UL) - 80) / 10L)) {
22
Taking false branch
33
Taking false branch
44
Assuming the condition is true
45
Taking true branch
201 use_bn = 1;
202 if (!bl
45.1
'bl' is null
)
46
Taking true branch
203 bl = BN_new();
204 if (!bl || !BN_set_word(bl, l))
47
Assuming 'bl' is non-null
48
Assuming the condition is false
49
Taking false branch
205 goto err;
206 }
207 if (use_bn
22.1
'use_bn' is 0
33.1
'use_bn' is 0
49.1
'use_bn' is 1
) {
23
Taking false branch
34
Taking false branch
50
Taking true branch
208 if (!BN_mul_word(bl, 10L) ||
51
Assuming the condition is false
53
Taking false branch
209 !BN_add_word(bl, c-'0'))
52
Assuming the condition is false
210 goto err;
211 } else
212 l = l * 10L + (long)(c - '0');
213 }
214 if (len
57.1
'len' is equal to 0
== 0) {
58
Taking true branch
215 if ((first < 2) && (l >= 40)) {
59
Assuming 'first' is >= 2
216 ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE)ERR_put_error(13,(0xfff),(147),"/usr/src/lib/libcrypto/asn1/a_object.c"
,216)
;
217 goto err;
218 }
219 if (use_bn
59.1
'use_bn' is 1
) {
60
Taking true branch
220 if (!BN_add_word(bl, first * 40))
61
Assuming the condition is false
62
Taking false branch
221 goto err;
222 } else
223 l += (long)first * 40;
224 }
225 i = 0;
226 if (use_bn
62.1
'use_bn' is 1
) {
63
Taking true branch
227 int blsize;
228 blsize = BN_num_bits(bl);
229 blsize = (blsize + 6) / 7;
230 if (blsize > tmpsize) {
64
Assuming 'blsize' is <= 'tmpsize'
65
Taking false branch
231 if (tmp != ftmp)
232 free(tmp);
233 tmpsize = blsize + 32;
234 tmp = malloc(tmpsize);
235 if (!tmp)
236 goto err;
237 }
238 while (blsize--)
66
Loop condition is false. Execution continues on line 250
239 tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
240 } else {
241
242 for (;;) {
243 tmp[i++] = (unsigned char)l & 0x7f;
244 l >>= 7L;
245 if (l == 0L)
246 break;
247 }
248
249 }
250 if (out != NULL((void*)0)) {
67
Assuming 'out' is not equal to NULL
68
Taking true branch
251 if (len + i > olen) {
69
Assuming the condition is false
70
Taking false branch
252 ASN1error(ASN1_R_BUFFER_TOO_SMALL)ERR_put_error(13,(0xfff),(107),"/usr/src/lib/libcrypto/asn1/a_object.c"
,252)
;
253 goto err;
254 }
255 while (--i > 0)
71
Loop condition is false. Execution continues on line 257
256 out[len++] = tmp[i]|0x80;
257 out[len++] = tmp[0];
72
Assigned value is garbage or undefined
258 } else
259 len += i;
260 }
261 if (tmp != ftmp)
262 free(tmp);
263 BN_free(bl);
264 return (len);
265
266 err:
267 if (tmp != ftmp)
268 free(tmp);
269 BN_free(bl);
270 return (0);
271}
272
273int
274i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
275{
276 return OBJ_obj2txt(buf, buf_len, a, 0);
277}
278
279int
280i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
281{
282 char *tmp = NULL((void*)0);
283 size_t tlen = 256;
284 int i = -1;
285
286 if ((a == NULL((void*)0)) || (a->data == NULL((void*)0)))
287 return(BIO_write(bp, "NULL", 4));
288 if ((tmp = malloc(tlen)) == NULL((void*)0))
289 return -1;
290 i = i2t_ASN1_OBJECT(tmp, tlen, a);
291 if (i > (int)(tlen - 1)) {
292 freezero(tmp, tlen);
293 if ((tmp = malloc(i + 1)) == NULL((void*)0))
294 return -1;
295 tlen = i + 1;
296 i = i2t_ASN1_OBJECT(tmp, tlen, a);
297 }
298 if (i <= 0)
299 i = BIO_write(bp, "<INVALID>", 9);
300 else
301 i = BIO_write(bp, tmp, i);
302 freezero(tmp, tlen);
303 return (i);
304}
305
306ASN1_OBJECT *
307d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length)
308{
309 const unsigned char *p;
310 long len;
311 int tag, xclass;
312 int inf, i;
313 ASN1_OBJECT *ret = NULL((void*)0);
314
315 p = *pp;
316 inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
317 if (inf & 0x80) {
318 i = ASN1_R_BAD_OBJECT_HEADER102;
319 goto err;
320 }
321
322 if (tag != V_ASN1_OBJECT6) {
323 i = ASN1_R_EXPECTING_AN_OBJECT116;
324 goto err;
325 }
326 ret = c2i_ASN1_OBJECT(a, &p, len);
327 if (ret)
328 *pp = p;
329 return ret;
330
331 err:
332 ASN1error(i)ERR_put_error(13,(0xfff),(i),"/usr/src/lib/libcrypto/asn1/a_object.c"
,332)
;
333 return (NULL((void*)0));
334}
335
336ASN1_OBJECT *
337c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
338{
339 ASN1_OBJECT *ret;
340 const unsigned char *p;
341 unsigned char *data;
342 int i, length;
343
344 /*
345 * Sanity check OID encoding:
346 * - need at least one content octet
347 * - MSB must be clear in the last octet
348 * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
349 */
350 if (len <= 0 || len > INT_MAX2147483647 || pp == NULL((void*)0) || (p = *pp) == NULL((void*)0) ||
351 p[len - 1] & 0x80) {
352 ASN1error(ASN1_R_INVALID_OBJECT_ENCODING)ERR_put_error(13,(0xfff),(216),"/usr/src/lib/libcrypto/asn1/a_object.c"
,352)
;
353 return (NULL((void*)0));
354 }
355
356 /* Now 0 < len <= INT_MAX, so the cast is safe. */
357 length = (int)len;
358 for (i = 0; i < length; i++, p++) {
359 if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
360 ASN1error(ASN1_R_INVALID_OBJECT_ENCODING)ERR_put_error(13,(0xfff),(216),"/usr/src/lib/libcrypto/asn1/a_object.c"
,360)
;
361 return (NULL((void*)0));
362 }
363 }
364
365 if ((a == NULL((void*)0)) || ((*a) == NULL((void*)0)) ||
366 !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC0x01)) {
367 if ((ret = ASN1_OBJECT_new()) == NULL((void*)0))
368 return (NULL((void*)0));
369 } else
370 ret = *a;
371
372 p = *pp;
373
374 /* detach data from object */
375 data = (unsigned char *)ret->data;
376 freezero(data, ret->length);
377
378 data = malloc(length);
379 if (data == NULL((void*)0)) {
380 ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_object.c"
,380)
;
381 goto err;
382 }
383
384 memcpy(data, p, length);
385
386 /* If there are dynamic strings, free them here, and clear the flag. */
387 if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS0x04) != 0) {
388 free((void *)ret->sn);
389 free((void *)ret->ln);
390 ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS0x04;
391 }
392
393 /* reattach data to object, after which it remains const */
394 ret->data = data;
395 ret->length = length;
396 ret->sn = NULL((void*)0);
397 ret->ln = NULL((void*)0);
398 ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA0x08;
399 p += length;
400
401 if (a != NULL((void*)0))
402 *a = ret;
403 *pp = p;
404 return (ret);
405
406 err:
407 if (a == NULL((void*)0) || ret != *a)
408 ASN1_OBJECT_free(ret);
409 return (NULL((void*)0));
410}