[PATCH] px5g-mbedtls (Was: px5g return value checking)
Peter Naulls
peter at chocky.org
Mon Nov 7 07:14:53 PST 2022
On 11/3/22 14:49, Peter Naulls wrote:
>
> Another one from our security scan:
>
> File: /usr/sbin/px5g
> Issue: RET NOT ASSIGNED in function 'FUN_000281b0' at address 0x281c0 while
> calling 'mbedtls_rsa_check_pub_priv'
> Issue: RET NOT ASSIGNED in function 'FUN_000285e8' at address 0x285f8 while
> calling 'mbedtls_ecp_check_pub_priv'
>
The problem is in fact with px5g-mbedtls util, not the library:
--- a/px5g-mbedtls.c
+++ b/px5g-mbedtls.c
@@ -113,13 +113,13 @@ static void gen_key(mbedtls_pk_context *key, bool rsa, int
ksize, int exp,
mbedtls_pk_init(key);
if (rsa) {
fprintf(stderr, "Generating RSA private key, %i bit long
modulus\n", ksize);
- mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
- if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL,
ksize, exp))
+ if (!mbedtls_pk_setup(key,
mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) &&
+ !mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom,
NULL, ksize, exp))
return;
} else {
fprintf(stderr, "Generating EC private key\n");
- mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
- if (!mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), _urandom,
NULL))
+ if (!mbedtls_pk_setup(key,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) &&
+ !mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key),
_urandom, NULL))
return;
}
fprintf(stderr, "error: key generation failed\n");
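
Review bot: in both branches of gen_key() the return values of mbedtls_pk_setup() and of the key generation call are only tested for zero and then discarded, so a failed setup and a failed generation both fall through to the same "error: key generation failed" message with no error code. Consider storing the result in an int ret and printing it with the message, so the caller can tell which step failed and why. Separately, the scan report quoted above names mbedtls_rsa_check_pub_priv and mbedtls_ecp_check_pub_priv, and neither call appears in these lines; the commit message should state how checking mbedtls_pk_setup() relates to those two findings.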