fipsdrv.c: potential race condition due to the use of access(1)
Closed, Resolved, Public

Description

I believe the way to handle these checks is to make the call and handle the
failure; not test with access(1). Oh, and there's some potential null dereferences.

/usr/local/bin/scan-build/ccc-analyzer -DHAVE_CONFIG_H -I. -I.. -I../src
-I../src -I/usr/local/include -g3 -O1 -fvisibility=hidden -Wall -MT fipsdrv.o
-MD -MP -MF .deps/fipsdrv.Tpo -c -o fipsdrv.o fipsdrv.c
fipsdrv.c:202:12: warning: Dereference of null pointer (loaded from variable 's')

if (!hexdigitp (s) || !hexdigitp (s+1))
     ^~~~~~~~~~~~~

fipsdrv.c:50:23: note: expanded from macro 'hexdigitp'
#define hexdigitp(a) (digitp (a) \

^~~~~~~~~~

fipsdrv.c:49:22: note: expanded from macro 'digitp'
#define digitp(p) (*(p) >= '0' && *(p) <= '9')

^~~~

fipsdrv.c:229:26: warning: Null pointer passed as an argument to a 'nonnull'
parameter

buffer = gcry_xmalloc (strlen(string)/2+1);
                       ^~~~~~~~~~~~~~

fipsdrv.c:760:3: warning: Undefined or garbage value returned to caller

return s_sig;
^~~~~~~~~~~~

fipsdrv.c:1307:9: warning: Function call argument is an uninitialized value

err = gcry_pk_genkey (&s_key, s_keyspec);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:1571:9: warning: Function call argument is an uninitialized value

err = gcry_pk_sign (&s_sig, s_data, s_key);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:1660:9: warning: Function call argument is an uninitialized value

err = gcry_pk_verify (s_sig, s_data, s_key);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:1800:26: warning: Null pointer passed as an argument to a 'nonnull'
parameter

printf ("c = %ld\n", strtoul (string, NULL, 10));
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:1802:22: warning: Null pointer passed as an argument to a 'nonnull'
parameter

printf ("%lX\n", strtoul (string, NULL, 10));
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:1892:9: warning: Function call argument is an uninitialized value

err = gcry_pk_sign (&s_sig, s_data, s_key);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:1987:9: warning: Function call argument is an uninitialized value

err = gcry_pk_verify (s_sig, s_data, s_key);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:2382:15: warning: Null pointer passed as an argument to a 'nonnull'
parameter

switch (atoi (algo_string))
        ^~~~~~~~~~~~~~~~~~

fipsdrv.c:2427:11: warning: Null pointer passed as an argument to a 'nonnull'
parameter

if (access (key_string, R_OK))
    ^~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:2446:11: warning: Null pointer passed as an argument to a 'nonnull'
parameter

if (access (key_string, R_OK))
    ^~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:2488:11: warning: Null pointer passed as an argument to a 'nonnull'
parameter

if (access (key_string, R_OK))
    ^~~~~~~~~~~~~~~~~~~~~~~~~

fipsdrv.c:2499:11: warning: Null pointer passed as an argument to a 'nonnull'
parameter

if (access (key_string, R_OK))
    ^~~~~~~~~~~~~~~~~~~~~~~~~

15 warnings generated.

Details

Version
1.6.3
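The check-then-use pattern named in the task title, next to an open-and-handle-failure form with the NULL guard the analyzer asks for. This is an added example, not code from the report or from fipsdrv.c; the function names open_key_racy and open_key_file are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flagged pattern: test the name with access(), open it afterwards.
   The name can point at a different file by the time open() runs, and
   a NULL path reaches access(), whose argument must not be NULL. */
int open_key_racy(const char *path)
{
  if (access(path, R_OK))            /* check */
    return -errno;
  int fd = open(path, O_RDONLY);     /* use: a second, separate lookup */
  return fd < 0 ? -errno : fd;
}

/* Make the call and handle the failure. Returns an fd, or -errno. */
int open_key_file(const char *path)
{
  struct stat st;
  if (!path)                         /* option given without a value */
    return -EINVAL;
  int fd = open(path, O_RDONLY | O_CLOEXEC);
  if (fd < 0)
    return -errno;                   /* ENOENT, EACCES, ... surface here */
  /* Inspect the object that was opened, not the name. */
  int err = fstat(fd, &st) < 0 ? errno : S_ISREG(st.st_mode) ? 0 : EINVAL;
  if (err) {
    close(fd);
    return -err;
  }
  return fd;
}

int main(int argc, char **argv)
{
  int fd = open_key_file(argc > 1 ? argv[1] : NULL);
  if (fd < 0) {
    fprintf(stderr, "cannot open key file: %s\n", strerror(-fd));
    return 1;
  }
  close(fd);
  return 0;
}
```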

Event Timeline

JW added projects: libgcrypt, Bug Report.
JW added a subscriber: JW.

No c+p of warnings please! Use gnupg-devel for such things.

werner claimed this task.