Bug Summary

File:src/lib/libcrypto/asn1/a_enum.c
Warning:line 322, column 16
The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name a_enum.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libcrypto/obj -resource-dir /usr/local/lib/clang/13.0.0 -D LIBRESSL_INTERNAL -D LIBRESSL_CRYPTO_INTERNAL -D DSO_DLFCN -D HAVE_DLFCN_H -D HAVE_FUNOPEN -D OPENSSL_NO_HW_PADLOCK -I /usr/src/lib/libcrypto -I /usr/src/lib/libcrypto/asn1 -I /usr/src/lib/libcrypto/bio -I /usr/src/lib/libcrypto/bn -I /usr/src/lib/libcrypto/bytestring -I /usr/src/lib/libcrypto/dh -I /usr/src/lib/libcrypto/dsa -I /usr/src/lib/libcrypto/ec -I /usr/src/lib/libcrypto/ecdh -I /usr/src/lib/libcrypto/ecdsa -I /usr/src/lib/libcrypto/evp -I /usr/src/lib/libcrypto/hmac -I /usr/src/lib/libcrypto/modes -I /usr/src/lib/libcrypto/ocsp -I /usr/src/lib/libcrypto/rsa -I /usr/src/lib/libcrypto/x509 -I /usr/src/lib/libcrypto/obj -D AES_ASM -D BSAES_ASM -D VPAES_ASM -D OPENSSL_IA32_SSE2 -D RSA_ASM -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_BN_ASM_GF2m -D MD5_ASM -D GHASH_ASM -D RC4_MD5_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D WHIRLPOOL_ASM -D OPENSSL_CPUID_OBJ -D PIC -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libcrypto/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/lib/libcrypto/asn1/a_enum.c
1/* $OpenBSD: a_enum.c,v 1.23 2021/12/25 13:17:48 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/bn.h>
65#include <openssl/buffer.h>
66#include <openssl/err.h>
67
68/*
69 * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
70 * for comments on encoding see a_int.c
71 */
72
73const ASN1_ITEM ASN1_ENUMERATED_it = {
74 .itype = ASN1_ITYPE_PRIMITIVE0x0,
75 .utype = V_ASN1_ENUMERATED10,
76 .sname = "ASN1_ENUMERATED",
77};
78
79ASN1_ENUMERATED *
80ASN1_ENUMERATED_new(void)
81{
82 return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it);
83}
84
85void
86ASN1_ENUMERATED_free(ASN1_ENUMERATED *a)
87{
88 ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it);
89}
90
91int
92ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
93{
94 int j, k;
95 unsigned int i;
96 unsigned char buf[sizeof(long) + 1];
97 long d;
98
99 a->type = V_ASN1_ENUMERATED10;
100 if (a->length < (int)(sizeof(long) + 1)) {
101 free(a->data);
102 a->data = calloc(1, sizeof(long) + 1);
103 }
104 if (a->data == NULL((void*)0)) {
105 ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,105)
;
106 return (0);
107 }
108 d = v;
109 if (d < 0) {
110 d = -d;
111 a->type = V_ASN1_NEG_ENUMERATED(10 | 0x100);
112 }
113
114 for (i = 0; i < sizeof(long); i++) {
115 if (d == 0)
116 break;
117 buf[i] = (int)d & 0xff;
118 d >>= 8;
119 }
120 j = 0;
121 for (k = i - 1; k >= 0; k--)
122 a->data[j++] = buf[k];
123 a->length = j;
124 return (1);
125}
126
127long
128ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
129{
130 int neg = 0, i;
131 unsigned long r = 0;
132
133 if (a == NULL((void*)0))
134 return (0L);
135 i = a->type;
136 if (i == V_ASN1_NEG_ENUMERATED(10 | 0x100))
137 neg = 1;
138 else if (i != V_ASN1_ENUMERATED10)
139 return -1;
140
141 if (a->length > (int)sizeof(long)) {
142 /* hmm... a bit ugly */
143 return -1;
144 }
145 if (a->data == NULL((void*)0))
146 return 0;
147
148 for (i = 0; i < a->length; i++) {
149 r <<= 8;
150 r |= (unsigned char)a->data[i];
151 }
152
153 if (r > LONG_MAX9223372036854775807L)
154 return -1;
155
156 if (neg)
157 return -(long)r;
158 return (long)r;
159}
160
161ASN1_ENUMERATED *
162BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
163{
164 ASN1_ENUMERATED *ret;
165 int len, j;
166
167 if (ai == NULL((void*)0))
168 ret = ASN1_ENUMERATED_new();
169 else
170 ret = ai;
171 if (ret == NULL((void*)0)) {
172 ASN1error(ERR_R_NESTED_ASN1_ERROR)ERR_put_error(13,(0xfff),(58),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,172)
;
173 goto err;
174 }
175 if (BN_is_negative(bn))
176 ret->type = V_ASN1_NEG_ENUMERATED(10 | 0x100);
177 else
178 ret->type = V_ASN1_ENUMERATED10;
179 j = BN_num_bits(bn);
180 len = ((j == 0) ? 0 : ((j / 8) + 1));
181 if (ret->length < len + 4) {
182 unsigned char *new_data = realloc(ret->data, len + 4);
183 if (!new_data) {
184 ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,184)
;
185 goto err;
186 }
187 ret->data = new_data;
188 }
189 ret->length = BN_bn2bin(bn, ret->data);
190
191 /* Correct zero case */
192 if (!ret->length) {
193 ret->data[0] = 0;
194 ret->length = 1;
195 }
196 return (ret);
197
198 err:
199 if (ret != ai)
200 ASN1_ENUMERATED_free(ret);
201 return (NULL((void*)0));
202}
203
204BIGNUM *
205ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
206{
207 BIGNUM *ret;
208
209 if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL((void*)0))
210 ASN1error(ASN1_R_BN_LIB)ERR_put_error(13,(0xfff),(105),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,210)
;
211 else if (ai->type == V_ASN1_NEG_ENUMERATED(10 | 0x100))
212 BN_set_negative(ret, 1);
213 return (ret);
214}
215
216/* Based on a_int.c: equivalent ENUMERATED functions */
217
218int
219i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
220{
221 int i, n = 0;
222 static const char h[] = "0123456789ABCDEF";
223 char buf[2];
224
225 if (a == NULL((void*)0))
226 return (0);
227
228 if (a->length == 0) {
229 if (BIO_write(bp, "00", 2) != 2)
230 goto err;
231 n = 2;
232 } else {
233 for (i = 0; i < a->length; i++) {
234 if ((i != 0) && (i % 35 == 0)) {
235 if (BIO_write(bp, "\\\n", 2) != 2)
236 goto err;
237 n += 2;
238 }
239 buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
240 buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
241 if (BIO_write(bp, buf, 2) != 2)
242 goto err;
243 n += 2;
244 }
245 }
246 return (n);
247
248 err:
249 return (-1);
250}
251
252int
253a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
254{
255 int ret = 0;
256 int i, j,k, m,n, again, bufsize;
257 unsigned char *s = NULL((void*)0), *sp;
258 unsigned char *bufp;
259 int first = 1;
260 size_t num = 0, slen = 0;
261
262 bs->type = V_ASN1_ENUMERATED10;
263
264 bufsize = BIO_gets(bp, buf, size);
265 for (;;) {
1
Loop condition is true. Entering loop body
266 if (bufsize < 1)
2
Assuming 'bufsize' is >= 1
3
Taking false branch
267 goto err_sl;
268 i = bufsize;
269 if (buf[i-1] == '\n')
4
Assuming the condition is false
5
Taking false branch
270 buf[--i] = '\0';
271 if (i
5.1
'i' is not equal to 0
== 0)
6
Taking false branch
272 goto err_sl;
273 if (buf[i-1] == '\r')
7
Assuming the condition is false
8
Taking false branch
274 buf[--i] = '\0';
275 if (i
8.1
'i' is not equal to 0
== 0)
9
Taking false branch
276 goto err_sl;
277 if (buf[i - 1] == '\\') {
10
Assuming the condition is false
11
Taking false branch
278 i--;
279 again = 1;
280 } else
281 again = 0;
282 buf[i] = '\0';
283 if (i < 2)
12
Assuming 'i' is >= 2
13
Taking false branch
284 goto err_sl;
285
286 bufp = (unsigned char *)buf;
287 if (first
13.1
'first' is 1
) {
14
Taking true branch
288 first = 0;
289 if ((bufp[0] == '0') && (buf[1] == '0')) {
15
Assuming the condition is false
290 bufp += 2;
291 i -= 2;
292 }
293 }
294 k = 0;
295 if (i % 2 != 0) {
16
Assuming the condition is false
17
Taking false branch
296 ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS)ERR_put_error(13,(0xfff),(145),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,296)
;
297 goto err;
298 }
299 i /= 2;
300 if (num + i > slen) {
18
Assuming the condition is true
19
Taking true branch
301 sp = realloc(s, num + i);
20
Storing uninitialized value
302 if (sp == NULL((void*)0)) {
21
Assuming 'sp' is not equal to NULL
22
Taking false branch
303 ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,303)
;
304 goto err;
305 }
306 s = sp;
307 slen = num + i;
308 }
309 for (j = 0; j
22.1
'j' is < 'i'
< i; j++, k += 2) {
23
Loop condition is true. Entering loop body
310 for (n = 0; n < 2; n++) {
24
Loop condition is true. Entering loop body
311 m = bufp[k + n];
312 if ((m >= '0') && (m <= '9'))
25
Assuming the condition is true
26
Assuming the condition is true
27
Taking true branch
313 m -= '0';
314 else if ((m >= 'a') && (m <= 'f'))
315 m = m - 'a' + 10;
316 else if ((m >= 'A') && (m <= 'F'))
317 m = m - 'A' + 10;
318 else {
319 ASN1error(ASN1_R_NON_HEX_CHARACTERS)ERR_put_error(13,(0xfff),(141),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,319)
;
320 goto err;
321 }
322 s[num + j] <<= 4;
28
The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
323 s[num + j] |= m;
324 }
325 }
326 num += i;
327 if (again)
328 bufsize = BIO_gets(bp, buf, size);
329 else
330 break;
331 }
332 bs->length = num;
333 bs->data = s;
334 return (1);
335
336 err_sl:
337 ASN1error(ASN1_R_SHORT_LINE)ERR_put_error(13,(0xfff),(150),"/usr/src/lib/libcrypto/asn1/a_enum.c"
,337)
;
338 err:
339 free(s);
340 return (ret);
341}
342
343int
344i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out)
345{
346 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it);
347}
348
349ASN1_ENUMERATED *
350d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len)
351{
352 return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
353 &ASN1_ENUMERATED_it);
354}