{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1757189277,
"reponame":"libwebsockets",
"desc":"libwebsockets lightweight C networking library",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"77d9e0c386cb9e25f20f621f36e13090",
"commit": {"type":"commit",
"time": 1578729517,
"time_ofs": 0,
"oid_tree": { "oid": "ecc9f347dda3608d27c208973edd03afa07247ed", "alias": []},
"oid":{ "oid": "86fe71fdf3f8e8ea6c42d3cb69f658c540b4b6d3", "alias": []},
"msg": "lws_get_random: change length to size_t for coverity",
"sig_commit": { "git_time": { "time": 1578729517, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },
"sig_author": { "git_time": { "time": 1578729517, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }},
"body": "lws_get_random: change length to size_t for coverity"
,
"diff": "diff --git a/include/libwebsockets/lws-misc.h b/include/libwebsockets/lws-misc.h\nindex 1f6b0f1..65335e1 100644\n--- a/include/libwebsockets/lws-misc.h\n+++ b/include/libwebsockets/lws-misc.h\n@@ -216,8 +216,8 @@ lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len);\n * Fills buf with len bytes of random. Returns the number of bytes set, if\n * not equal to len, then getting the random failed.\n */\n-LWS_VISIBLE LWS_EXTERN int\n-lws_get_random(struct lws_context *context, void *buf, int len);\n+LWS_VISIBLE LWS_EXTERN size_t\n+lws_get_random(struct lws_context *context, void *buf, size_t len);\n /**\n * lws_daemonize(): make current process run in the background\n *\ndiff --git a/lib/core-net/vhost.c b/lib/core-net/vhost.c\nindex 898ca19..685a164 100644\n--- a/lib/core-net/vhost.c\n+++ b/lib/core-net/vhost.c\n@@ -725,13 +725,16 @@ lws_create_vhost(struct lws_context *context,\n #endif\n \t{\n #ifdef LWS_HAVE_GETENV\n-\t\tp \u003d getenv(\u0022http_proxy\u0022);\n+#if defined(__COVERITY__)\n+\t\tp \u003d NULL;\n+#else\n+\t\tp \u003d getenv(\u0022http_proxy\u0022); /* coverity[tainted_scalar] */\n \t\tif (p) {\n \t\t\tlws_strncpy(buf, p, sizeof(buf));\n-\t\t\t/* coverity[tainted_scalar] */\n \t\t\tlws_set_proxy(vh, buf);\n \t\t}\n #endif\n+#endif\n \t}\n #endif\n #if defined(LWS_WITH_SOCKS5)\ndiff --git a/lib/jose/jwe/jwe-ecdh-es-aeskw.c b/lib/jose/jwe/jwe-ecdh-es-aeskw.c\nindex 154b543..421be2e 100644\n--- a/lib/jose/jwe/jwe-ecdh-es-aeskw.c\n+++ b/lib/jose/jwe/jwe-ecdh-es-aeskw.c\n@@ -293,7 +293,8 @@ lws_jwe_encrypt_ecdh(struct lws_jwe *jwe, char *temp, int *temp_len,\n \n \t\t/* generate the actual CEK in cek */\n \n-\t\tif (lws_get_random(jwe-\u003ejws.context, cek, enc_hlen) !\u003d enc_hlen) {\n+\t\tif (lws_get_random(jwe-\u003ejws.context, cek, enc_hlen) !\u003d\n+\t\t\t\t\t\t\t(size_t)enc_hlen) {\n \t\t\tlwsl_err(\u0022Problem getting random\u005cn\u0022);\n \t\t\tgoto bail;\n \t\t}\ndiff --git a/lib/jose/jwe/jwe-rsa-aesgcm.c 
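Review bot: The doc comment above the `lws_get_random()` prototype in include/libwebsockets/lws-misc.h is unchanged, yet the return type is now unsigned, so a caller that tested the old `int` result with `< 0` will compile cleanly and never see a failure. The comment should state the contract explicitly, for example `* The return is unsigned: always compare it with len, a "< 0" test can never fire.` Callers outside this tree are not visible here, so this matters mainly for users of the public API.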
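Review bot: In lib/core-net/vhost.c the `/* coverity[tainted_scalar] */` annotation now sits in the `#else` branch of `#if defined(__COVERITY__)`, which the analyzer never compiles, so the annotation is dead and the `http_proxy` copy into `buf` is no longer analyzed at all. The same pattern appears in the lib/plat/unix/unix-misc.c hunk (`coverity[tainted_scalar]` before the `read()`) and in plugins/deaddrop/protocol_lws_deaddrop.c (`coverity[toctou]` before `stat()`, plus the excluded `dire->user` copy). Hiding code that handles environment and filesystem input removes it from analysis rather than triaging the finding. Keep either the annotation or the stub, not both, and add a comment such as `/* analysis-only stub: real path reads http_proxy from the environment */`. lws_create_vhost() continues outside the hunk, so later uses of `p` are not visible here.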
b/lib/jose/jwe/jwe-rsa-aesgcm.c\nindex d629403..0016128 100644\n--- a/lib/jose/jwe/jwe-rsa-aesgcm.c\n+++ b/lib/jose/jwe/jwe-rsa-aesgcm.c\n@@ -68,7 +68,7 @@ lws_jwe_encrypt_rsa_aes_gcm(struct lws_jwe *jwe, char *temp, int *temp_len)\n \t */\n \tif (!jwe-\u003ecek_valid) {\n \t\tif (lws_get_random(jwe-\u003ejws.context, jwe-\u003ecek, ekbytes) !\u003d\n-\t\t\t\t\t\t\t ekbytes) {\n+\t\t\t\t\t\t\t (size_t)ekbytes) {\n \t\t\tlwsl_err(\u0022%s: Problem getting random\u005cn\u0022, __func__);\n \t\t\treturn -1;\n \t\t}\ndiff --git a/lib/jose/jwk/jwk.c b/lib/jose/jwk/jwk.c\nindex 7e39ef8..a7d4f10 100644\n--- a/lib/jose/jwk/jwk.c\n+++ b/lib/jose/jwk/jwk.c\n@@ -569,6 +569,7 @@ int\n lws_jwk_generate(struct lws_context *context, struct lws_jwk *jwk,\n \t enum lws_gencrypto_kty kty, int bits, const char *curve)\n {\n+\tsize_t sn;\n \tint n;\n \n \tmemset(jwk, 0, sizeof(*jwk));\n@@ -592,11 +593,11 @@ lws_jwk_generate(struct lws_context *context, struct lws_jwk *jwk,\n \t}\n \t\tbreak;\n \tcase LWS_GENCRYPTO_KTY_OCT:\n-\t\tn \u003d lws_gencrypto_bits_to_bytes(bits);\n-\t\tjwk-\u003ee[LWS_GENCRYPTO_OCT_KEYEL_K].buf \u003d lws_malloc(n, \u0022oct\u0022);\n-\t\tjwk-\u003ee[LWS_GENCRYPTO_OCT_KEYEL_K].len \u003d n;\n+\t\tsn \u003d lws_gencrypto_bits_to_bytes(bits);\n+\t\tjwk-\u003ee[LWS_GENCRYPTO_OCT_KEYEL_K].buf \u003d lws_malloc(sn, \u0022oct\u0022);\n+\t\tjwk-\u003ee[LWS_GENCRYPTO_OCT_KEYEL_K].len \u003d sn;\n \t\tif (lws_get_random(context,\n-\t\t\t\t jwk-\u003ee[LWS_GENCRYPTO_OCT_KEYEL_K].buf, n) !\u003d n) {\n+\t\t\t jwk-\u003ee[LWS_GENCRYPTO_OCT_KEYEL_K].buf, sn) !\u003d sn) {\n \t\t\tlwsl_err(\u0022%s: problem getting random\u005cn\u0022, __func__);\n \t\t\treturn 1;\n \t\t}\ndiff --git a/lib/jose/jws/jws.c b/lib/jose/jws/jws.c\nindex 1a95e41..de0a572 100644\n--- a/lib/jose/jws/jws.c\n+++ b/lib/jose/jws/jws.c\n@@ -244,7 +244,7 @@ lws_jws_randomize_element(struct lws_context *context, struct lws_jws_map *map,\n \tmap-\u003elen[idx] \u003d random_len;\n \tmap-\u003ebuf[idx] 
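Review bot: In the `LWS_GENCRYPTO_KTY_OCT` case of lws_jwk_generate() (lib/jose/jwk/jwk.c) the result of `lws_malloc(sn, "oct")` is stored and passed straight to `lws_get_random()` with no NULL check, so an allocation failure becomes a write through a null pointer during key generation. Adding `if (!jwk->e[LWS_GENCRYPTO_OCT_KEYEL_K].buf) return 1;` before the `.len = sn` assignment closes that. Since `bits` is an `int` and `sn` is now `size_t`, a negative `bits` would presumably turn into a very large request; the return type of `lws_gencrypto_bits_to_bytes()` is not visible here, so confirm that `bits` is range-checked before this case. The function body extends beyond both hunks.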
\u003d temp;\n \n-\tif (lws_get_random(context, temp, random_len) !\u003d (int)random_len) {\n+\tif (lws_get_random(context, temp, random_len) !\u003d random_len) {\n \t\tlwsl_err(\u0022Problem getting random\u005cn\u0022);\n \t\treturn -1;\n \t}\ndiff --git a/lib/plat/freertos/esp32/esp32-helpers.c b/lib/plat/freertos/esp32/esp32-helpers.c\nindex 1cd6fa8..f646354 100644\n--- a/lib/plat/freertos/esp32/esp32-helpers.c\n+++ b/lib/plat/freertos/esp32/esp32-helpers.c\n@@ -1122,7 +1122,7 @@ lws_esp32_get_image_info(const esp_partition_t *part, struct lws_esp32_image *i,\n static int\n _rngf(void *context, unsigned char *buf, size_t len)\n {\n-\tif ((size_t)lws_get_random(context, buf, len) \u003d\u003d len)\n+\tif (lws_get_random(context, buf, len) \u003d\u003d len)\n \t\treturn 0;\n \n \treturn -1;\ndiff --git a/lib/plat/freertos/freertos-misc.c b/lib/plat/freertos/freertos-misc.c\nindex 78be491..3d59afd 100644\n--- a/lib/plat/freertos/freertos-misc.c\n+++ b/lib/plat/freertos/freertos-misc.c\n@@ -32,8 +32,8 @@ lws_now_usecs(void)\n \treturn ((unsigned long long)tv.tv_sec * 1000000LL) + tv.tv_usec;\n }\n \n-int\n-lws_get_random(struct lws_context *context, void *buf, int len)\n+size_t\n+lws_get_random(struct lws_context *context, void *buf, size_t len)\n {\n #if defined(LWS_WITH_ESP32)\n \tuint8_t *pb \u003d buf;\ndiff --git a/lib/plat/optee/lws-plat-optee.c b/lib/plat/optee/lws-plat-optee.c\nindex 9d3b5ff..80c6244 100644\n--- a/lib/plat/optee/lws-plat-optee.c\n+++ b/lib/plat/optee/lws-plat-optee.c\n@@ -73,8 +73,8 @@ lws_now_usecs(void)\n }\n #endif\n \n-int\n-lws_get_random(struct lws_context *context, void *buf, int len)\n+size_t\n+lws_get_random(struct lws_context *context, void *buf, size_t len)\n {\n #if defined(LWS_WITH_NETWORK)\n \tTEE_GenerateRandom(buf, len);\ndiff --git a/lib/plat/unix/unix-misc.c b/lib/plat/unix/unix-misc.c\nindex 59dac2c..a172fff 100644\n--- a/lib/plat/unix/unix-misc.c\n+++ b/lib/plat/unix/unix-misc.c\n@@ -47,10 +47,16 @@ 
lws_now_usecs(void)\n #endif\n }\n \n-int\n-lws_get_random(struct lws_context *context, void *buf, int len)\n+size_t\n+lws_get_random(struct lws_context *context, void *buf, size_t len)\n {\n-\treturn read(context-\u003efd_random, (char *)buf, len);\n+#if defined(__COVERITY__)\n+\tmemset(buf, 0, len);\n+\treturn len;\n+#else\n+\t/* coverity[tainted_scalar] */\n+\treturn (size_t)read(context-\u003efd_random, (char *)buf, len);\n+#endif\n }\n \n void lwsl_emit_syslog(int level, const char *line)\ndiff --git a/lib/plat/windows/windows-misc.c b/lib/plat/windows/windows-misc.c\nindex 6bbc564..e5dae44 100644\n--- a/lib/plat/windows/windows-misc.c\n+++ b/lib/plat/windows/windows-misc.c\n@@ -68,10 +68,10 @@ time_t time(time_t *t)\n }\n #endif\n \n-int\n-lws_get_random(struct lws_context *context, void *buf, int len)\n+size_t\n+lws_get_random(struct lws_context *context, void *buf, size_t len)\n {\n-\tint n;\n+\tsize_t n;\n \tchar *p \u003d (char *)buf;\n \n \tfor (n \u003d 0; n \u003c len; n++)\ndiff --git a/plugins/deaddrop/protocol_lws_deaddrop.c b/plugins/deaddrop/protocol_lws_deaddrop.c\nindex a55fee6..d38cafc 100644\n--- a/plugins/deaddrop/protocol_lws_deaddrop.c\n+++ b/plugins/deaddrop/protocol_lws_deaddrop.c\n@@ -168,7 +168,10 @@ scan_upload_dir(struct vhd_deaddrop *vhd)\n \t\t/* ignore temp files */\n \t\tif (de-\u003ed_name[strlen(de-\u003ed_name) - 1] \u003d\u003d '~')\n \t\t\tcontinue;\n-\n+#if defined(__COVERITY__)\n+\t\ts.st_size \u003d 0;\n+\t\ts.st_mtime \u003d 0;\n+#else\n \t\t/* coverity[toctou] */\n \t\tif (stat(filepath, \u0026s))\n \t\t\tcontinue;\n@@ -193,6 +196,7 @@ scan_upload_dir(struct vhd_deaddrop *vhd)\n \t\t\t}\n \t\t\tcontinue;\n \t\t}\n+#endif\n \n \t\tm \u003d strlen(filepath + initial) + 1;\n \t\tdire \u003d lwsac_use(\u0026lwsac_head, sizeof(*dire) + m, 0);\n@@ -206,8 +210,10 @@ scan_upload_dir(struct vhd_deaddrop *vhd)\n \t\tdire-\u003esize \u003d s.st_size;\n \t\tdire-\u003emtime \u003d s.st_mtime;\n \t\tdire-\u003euser[0] \u003d 
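Review bot: In lib/plat/unix/unix-misc.c the new `return (size_t)read(context->fd_random, (char *)buf, len);` turns a failed read() (-1) into SIZE_MAX, which contradicts the documented "returns the number of bytes set" and only stays safe because callers compare the result with `len`. Mapping the error explicitly keeps the contract honest: `ssize_t r = read(context->fd_random, buf, len);` followed by `return r < 0 ? 0 : (size_t)r;`. A short read is still reported to the caller as a failure rather than retried. That is probably acceptable for key material, but a one-line comment saying so would help.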
'\u005c0';\n+#if !defined(__COVERITY__)\n \t\tif (sp)\n \t\t\tlws_strncpy(dire-\u003euser, subdir[1], sizeof(dire-\u003euser));\n+#endif\n \n \t\tfound++;\n \n","s":{"c":1757189277,"u": 19027}}
],"g": 21189,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}