Fwd: New Defects reported by Coverity Scan for Das U-Boot

Hello Tom,
could you, please, have a look at the problems reported by Coverity concerning code introduced by you into U-Boot.
For SHA256_Update_recycled() I guess you just have to change the signature of the function to
SHA256_Update_recycled (SHA256_CTX *ctx, unsigned char *block, size_t len)
Looking at
https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=595...
https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=595...
and
https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=595...
I think the issues are false positives:
Coverity ignores that if sha256_update() is called with length < 64, sha256_process() will be called with blocks = 0 and will not access the buffer.
Best regards
Heinrich
-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for Das U-Boot
Date: Tue, 26 Jul 2022 00:49:17 +0000 (UTC)
From: scan-admin@coverity.com
To: xypron.glpk@gmx.de

Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
3 new defect(s) introduced to Das U-Boot found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 355366: (OVERRUN)

________________________________________________________________________________________________________
*** CID 355366: (OVERRUN)
/lib/crypt/crypt-sha256.c: 104 in SHA256_Update_recycled()
98     SHA256_Update_recycled (SHA256_CTX *ctx,
99                             unsigned char block[32], size_t len)
100    {
101      size_t cnt;
102      for (cnt = len; cnt >= 32; cnt -= 32)
103        SHA256_Update (ctx, block, 32);
CID 355366: (OVERRUN) Overrunning buffer pointed to by "(void const *)block" of 32 bytes by passing it to a function which accesses it at byte offset 63.
104      SHA256_Update (ctx, block, cnt);
105    }
106
107    void
108    crypt_sha256crypt_rn (const char *phrase, size_t phr_size,
109                          const char *setting, size_t ARG_UNUSED (set_size),
/lib/crypt/crypt-sha256.c: 103 in SHA256_Update_recycled()
97     static void
98     SHA256_Update_recycled (SHA256_CTX *ctx,
99                             unsigned char block[32], size_t len)
100    {
101      size_t cnt;
102      for (cnt = len; cnt >= 32; cnt -= 32)
CID 355366: (OVERRUN) Overrunning buffer pointed to by "(void const *)block" of 32 bytes by passing it to a function which accesses it at byte offset 63.
103        SHA256_Update (ctx, block, 32);
104      SHA256_Update (ctx, block, cnt);
105    }
106
107    void
108    crypt_sha256crypt_rn (const char *phrase, size_t phr_size,

** CID 355365: Memory - corruptions (OVERRUN)

________________________________________________________________________________________________________
*** CID 355365: Memory - corruptions (OVERRUN)
/lib/crypt/crypt-sha256.c: 212 in crypt_sha256crypt_rn()
206         characters and it ends at the first `$' character (for
207         compatibility with existing implementations). */
208      SHA256_Update (ctx, salt, salt_size);
209
210      /* Add for any character in the phrase one byte of the alternate sum. */
211      for (cnt = phr_size; cnt > 32; cnt -= 32)
CID 355365: Memory - corruptions (OVERRUN) Overrunning buffer pointed to by "(void const *)result" of 32 bytes by passing it to a function which accesses it at byte offset 63.
212        SHA256_Update (ctx, result, 32);
213      SHA256_Update (ctx, result, cnt);
214
215      /* Take the binary representation of the length of the phrase and for every
216         1 add the alternate sum, for every 0 the phrase. */
217      for (cnt = phr_size; cnt > 0; cnt >>= 1)

** CID 355364: (OVERRUN)

________________________________________________________________________________________________________
*** CID 355364: (OVERRUN)
/lib/sha256.c: 259 in sha256_finish()
253     PUT_UINT32_BE(low, msglen, 4);
254
255     last = ctx->total[0] & 0x3F;
256     padn = (last < 56) ? (56 - last) : (120 - last);
257
258     sha256_update(ctx, sha256_padding, padn);
CID 355364: (OVERRUN) Overrunning array "msglen" of 8 bytes by passing it to a function which accesses it at byte offset 63.
259     sha256_update(ctx, msglen, 8);
260
261     PUT_UINT32_BE(ctx->state[0], digest, 0);
262     PUT_UINT32_BE(ctx->state[1], digest, 4);
263     PUT_UINT32_BE(ctx->state[2], digest, 8);
264     PUT_UINT32_BE(ctx->state[3], digest, 12);
/lib/sha256.c: 259 in sha256_finish()
253     PUT_UINT32_BE(low, msglen, 4);
254
255     last = ctx->total[0] & 0x3F;
256     padn = (last < 56) ? (56 - last) : (120 - last);
257
258     sha256_update(ctx, sha256_padding, padn);
CID 355364: (OVERRUN) Overrunning array "msglen" of 8 bytes by passing it to a function which accesses it at byte offset 63.
259     sha256_update(ctx, msglen, 8);
260
261     PUT_UINT32_BE(ctx->state[0], digest, 0);
262     PUT_UINT32_BE(ctx->state[1], digest, 4);
263     PUT_UINT32_BE(ctx->state[2], digest, 8);
264     PUT_UINT32_BE(ctx->state[3], digest, 12);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
To manage Coverity Scan email notifications for "xypron.glpk@gmx.de", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
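
The false-positive argument in the mail above (an update shorter than 64 bytes passes zero blocks to the block function), as an added model that is not U-Boot's code and not part of the original message: it assumes a conventional 64-byte buffered update and reports the highest offset of the caller's buffer that is read. The names `model_update`, `hi` and `probe` and the sample sizes are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 64 /* SHA-256 block size in bytes */

/* Highest offset seen after reading n bytes at offset off. */
static long hi(long cur, size_t off, size_t n)
{
	return (n && (long)(off + n - 1) > cur) ? (long)(off + n - 1) : cur;
}

/* Model (hypothetical, no hashing) of a buffered update of in[0..len) when
 * `fed` bytes were hashed before; returns the highest offset of in[] read. */
long model_update(size_t fed, const uint8_t *in, size_t len)
{
	uint8_t buffer[BLK] = {0}; /* stands in for the context's partial block */
	size_t off = 0, left = fed % BLK, fill = BLK - left;
	long max = -1;

	if (left && len >= fill) {           /* complete the carried block */
		memcpy(buffer + left, in, fill);
		max = hi(max, 0, fill);
		off = fill;
		len -= fill;
		left = 0;
	}
	max = hi(max, off, len / BLK * BLK); /* whole blocks: none when len < 64 */
	off += len / BLK * BLK;
	len %= BLK;
	if (len) {                           /* stash the tail for the next call */
		memcpy(buffer + left, in + off, len);
		max = hi(max, off, len);
	}
	return max;
}

/* Constructed case: update with n bytes after `fed` bytes were already fed. */
long probe(size_t fed, size_t n)
{
	static const uint8_t data[128];
	return model_update(fed, data, n);
}

int main(void)
{
	printf("32B: %ld/%ld msglen: %ld 128B: %ld\n", probe(0, 32), probe(32, 32), probe(56, 8), probe(0, 128));
	return 0;
}
```

In this model the 32-byte and 8-byte cases from the report never read past the last byte they were given; an offset of 63 or more is only reached when at least 64 bytes are passed in one call.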