20260112 Coverity: update macros and add length checks #9646
+57
−25
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rlm2002
changed the title
Contributor
Author
|
retest this please jenkins: PRB-generic-config-parser: was not stable -> Found unhandled org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException exception: |
switch WC_ALLOC_VAR_EX with XMEMSET to WC_CALLOC_VAR_EX fix XMEMSET call for WC_CALLOC_VAR_EX
rlm2002
force-pushed
the
coverity
branch
2 times, most recently
from
f212690 to
8b275a6
Compare
Contributor
Author
|
retest this please Jenkins. PRB-generic-config-parser was unstable: Found unhandled org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException exception |
SparkiDev
requested changes
Jan 14, 2026
wolfcrypt/test/test.c
Outdated
| iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); | ||
| if (iTable == NULL) | ||
| return WC_TEST_RET_ENC_ERRNO; | ||
| if (iTable == NULL){ |
Contributor
There was a problem hiding this comment.
Formatting, space after bracket, before brace.
wolfssl/internal.h
Outdated
| MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ | ||
| SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ | ||
| TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ | ||
| MAX_EXT_LEN = 63535, /* Max extension data length */ |
Contributor
There was a problem hiding this comment.
Where did this value come from?
An explanation in the comment would be good!
Contributor
Author
There was a problem hiding this comment.
Added RFC and section (RFC 8446, Sec. 4.2) to comment.
rlm2002
force-pushed
the
coverity
branch
2 times, most recently
from
15b50a4 to
b89ec81
Compare
add length check to tls extensions
SparkiDev
requested changes
Jan 15, 2026
| MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ | ||
| SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ | ||
| TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ | ||
| MAX_EXT_DATA_LEN = 63535, |
Contributor
There was a problem hiding this comment.
2^16 - 1 = 65535
The maximum value of length is 65535 as it is type word16.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Update
WC_CALLOC_VAR_EX, now calls XMEMSET properly. Usessizeof(VAR_TYPE)(CID 556176-556182: Uninitialized scalar variable)
Add length checks for TLS extensions
supported_versionsandKeySharebased on RFC 8446 and 9147(CID 487950/487948: Untrusted loop bound)
Add cleanup for
tableandiTablevariables insakke_kat_derive_test()once set byXMALLOC().CID 420937: Resource leak
Testing
./configure --enable-all && make check./configure --enable-all --enable-sakke && make checkChecklist