[PATCH] px5g-mbedtls (Was: px5g return value checking)

Rosen Penev rosenp at gmail.com
Mon Nov 7 16:48:21 PST 2022


On Mon, Nov 7, 2022 at 7:19 AM Peter Naulls <peter at chocky.org> wrote:
>
> On 11/3/22 14:49, Peter Naulls wrote:
> >
> > Another one from our security scan:
> >
> > File: /usr/sbin/px5g
> > Issue: RET NOT ASSIGNED in function 'FUN_000281b0' at address 0x281c0 while
> > calling 'mbedtls_rsa_check_pub_priv'
> > Issue: RET NOT ASSIGNED in function 'FUN_000285e8' at address 0x285f8 while
> > calling 'mbedtls_ecp_check_pub_priv'
> >
>
> The problem is in fact with px5g-mbedtls util, not the library:
Upstream marks a bunch of stuff with MBEDTLS_CHECK_RETURN_TYPICAL aka
warn_unused_result. This function is not. Maybe upstream should also
be fixed.

AFAIK, clang-tidy will mark this function as nodiscard if this is a C++ project.
>
>
>
> --- a/px5g-mbedtls.c
> +++ b/px5g-mbedtls.c
> @@ -113,13 +113,13 @@ static void gen_key(mbedtls_pk_context *key, bool rsa, int
> ksize, int exp,
>          mbedtls_pk_init(key);
>          if (rsa) {
>                  fprintf(stderr, "Generating RSA private key, %i bit long
> modulus\n", ksize);
> -               mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
> -               if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL,
> ksize, exp))
> +               if (!mbedtls_pk_setup(key,
> mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) &&
> +                       !mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom,
> NULL, ksize, exp))
>                          return;
>          } else {
>                  fprintf(stderr, "Generating EC private key\n");
> -               mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
> -               if (!mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), _urandom,
> NULL))
> +               if (!mbedtls_pk_setup(key,
> mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) &&
> +                       !mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key),
> _urandom, NULL))
>                          return;
>          }
>          fprintf(stderr, "error: key generation failed\n");
>
>
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list