2nd round scan build

2013-02-14 16:00:45 -08:00 · 2013-02-14 16:00:45 -08:00 · 9ea3371079
parent cdc651a75a
commit 9ea3371079
5 changed files with 12 additions and 6 deletions
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@ -649,6 +649,7 @@ void bench_rsa(void)
    }
    
    bytes = fread(tmp, 1, sizeof(tmp), file);
+    fclose(file);
 #endif /* USE_CERT_BUFFERS */

 #ifdef HAVE_CAVIUM
@ -694,9 +695,6 @@ void bench_rsa(void)
    printf("RSA %d decryption took %6.2f milliseconds, avg over %d" 
           " iterations\n", rsaKeySz, milliEach, times);

-#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
-    fclose(file);
-#endif
    FreeRsaKey(&rsaKey);
 #ifdef HAVE_CAVIUM
    RsaFreeCavium(&rsaKey);
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@ -154,7 +154,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
        default:
        break;
    }
-    if ( (hmac_block_size - length) > 0)
+    if (length < hmac_block_size)
        XMEMSET(ip + length, 0, hmac_block_size - length);

    for(i = 0; i < hmac_block_size; i++) {
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@ -549,6 +549,8 @@ enum Misc {
    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
    MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */

+    MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4,  /* 4 mb file size alloc limit */
+
 #ifdef FORTRESS
    MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
 #endif
--- a/cyassl/test.h
+++ b/cyassl/test.h
@ -421,7 +421,7 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
 {
    fd_set recvfds, errfds;
    SOCKET_T nfds = socketfd + 1;
-    struct timeval timeout = {to_sec, 0};
+    struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
    int result;

    FD_ZERO(&recvfds);
@ -570,7 +570,7 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
        int flags = fcntl(*sockfd, F_GETFL, 0);
        if (flags < 0)
            err_sys("fcntl get failed");
-        fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
+        flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
        if (flags < 0)
            err_sys("fcntl set failed");
    #endif
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1739,6 +1739,12 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
    sz = XFTELL(file);
    XREWIND(file);

+    if (sz > MAX_CYASSL_FILE_SIZE) {
+        CYASSL_MSG("CertManagerVerify file too big");
+        XFCLOSE(file);
+        return SSL_BAD_FILE;
+    }
+
    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);