Closed Bug 1280851 Opened 8 years ago Closed 8 years ago

Fix some libssl Coverity issues

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1279399

People

(Reporter: ttaubert, Assigned: ttaubert)

References

(Blocks 1 open bug)

Details

*** CID 1362653:  Control flow issues  (DEADCODE)
/security/nss/lib/ssl/ssl3ecc.c: 800 in ssl3_SendECDHServerKeyExchange()
794             if (rv != SECSuccess) {
795                 goto loser;
796             }
797             PR_APPEND_LINK(&keyPair->link, &ss->ephemeralKeyPairs);
798         }
799         if (rv != SECSuccess) {
>>>     CID 1362653:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "goto loser;".
800             goto loser;
801         }
802     
803         PORT_Assert(keyPair);
804         if (!keyPair) {
805             PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);


*** CID 1362656:  Memory - illegal accesses  (UNINIT)
/security/nss/lib/ssl/sslcert.c: 167 in ssl_FindServerCertByAuthType()
161         return NULL;
162     }
163     
164     sslServerCert *
165     ssl_FindServerCertByAuthType(const sslSocket *ss, SSLAuthType authType)
166     {
>>>     CID 1362656:  Memory - illegal accesses  (UNINIT)
>>>     Declaring variable "certType" without initializer.
167         sslServerCertType certType;
168         certType.authType = authType;
169         switch (authType) {
170             /* Setting the named curve to NULL ensures that all EC certificates
171              * are matched when searching for this slot. */
172             case ssl_auth_ecdsa:


*** CID 1362657:  Memory - illegal accesses  (UNINIT)
/security/nss/lib/ssl/sslcert.c: 642 in ssl_FindOrMakeCertType()
636     /* This finds an existing server cert slot and unlinks it, or it makes a new
637      * server cert slot of the right type. */
638     static sslServerCert *
639     ssl_FindOrMakeCertType(sslSocket *ss, SSLAuthType authType)
640     {
641         sslServerCert *sc;
>>>     CID 1362657:  Memory - illegal accesses  (UNINIT)
>>>     Declaring variable "certType" without initializer.
642         sslServerCertType certType;
643     
644         certType.authType = authType;
645         switch (authType) {
646             case ssl_auth_ecdsa:
647             case ssl_auth_ecdh_rsa:


*** CID 1362658:  Memory - illegal accesses  (UNINIT)
/security/nss/lib/ssl/ssl3ext.c: 192 in ssl3_GenerateSessionTicketKeysPKCS11()
186     
187     static PRStatus
188     ssl3_GenerateSessionTicketKeysPKCS11(void *data)
189     {
190         SECStatus rv;
191         sslSocket *ss = (sslSocket *)data;
>>>     CID 1362658:  Memory - illegal accesses  (UNINIT)
>>>     Declaring variable "certType" without initializer.
192         sslServerCertType certType;
193         const sslServerCert *sc;
194         SECKEYPrivateKey *svrPrivKey;
195         SECKEYPublicKey *svrPubKey;
196     
197         certType.authType = ssl_auth_rsa_decrypt;
Patch at: https://codereview.appspot.com/296510043
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
Flags: needinfo?(franziskuskiefer)
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(franziskuskiefer)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.