I ran the analyzer, and it shows old findings. Am I missing something? Or were
the patches not yet applied?
diff =
diff -u -p a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -181,6 +181,8 @@ ndef_prefix(BIO *b, unsigned char **pbuf
derlen = ASN
Hello,
patch attached.
Ilya
From c996eebf03a4c5585d2c3045407c827de60c88d5 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin
Date: Sun, 14 May 2023 17:45:36 +0200
Subject: [PATCH] LibreSSL: missing malloc failure check added
found during LibreSSL code audit
---
src/lib/libcrypto/asn1/bio_ndef.c | 4
r_rcontent(SSL *s, rcontent_p
return 0;
rdata = malloc(sizeof(DTLS1_RCONTENT_DATA_INTERNAL));
+if (rdata == NULL)
+return;
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
goto init_err;
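Review bot: the added check after the malloc() of rdata ends in a bare "return;", but the context line just above it in the same function is "return 0;", so the function returns a value and the new early exit does not. The check also looks redundant as written: the existing "if (rdata == NULL || item == NULL) goto init_err;" two lines further down already catches a failed malloc and routes it through init_err, which the early return skips. Suggest either dropping the new lines, or, if the concern is that pitem_new() must not be handed a NULL rdata, replacing "return;" with "goto init_err;" so the failure path stays in one place and the function still returns a value.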
On Tue, 16 May 2023 at 15:18, Theo Buehler wrote:
> On Sun, May 14, 2023 at 05:5
On Tue, 16 May 2023 at 21:18, Theo Buehler wrote:
> > I tried to find "missing malloc null check" using the following coccinelle
> > script (easy to run from within CI)
>
> Cool, that's nice. We tend to be strict with error checking in new code,
> but having such a sanity check certainly won't hurt. If