From 9ea337107990a8dd5d563c1f70b98a72c54aa13e Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Thu, 14 Feb 2013 16:00:45 -0800
Subject: [PATCH] 2nd round scan build

---
 ctaocrypt/benchmark/benchmark.c | 4 +---
 ctaocrypt/src/hmac.c            | 2 +-
 cyassl/internal.h               | 2 ++
 cyassl/test.h                   | 4 ++--
 src/ssl.c                       | 6 ++++++
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c
index a8df9d993..021f4d5f0 100644
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -649,6 +649,7 @@ void bench_rsa(void)
     }
     
     bytes = fread(tmp, 1, sizeof(tmp), file);
+    fclose(file);
 #endif /* USE_CERT_BUFFERS */
 
 #ifdef HAVE_CAVIUM
@@ -694,9 +695,6 @@ void bench_rsa(void)
     printf("RSA %d decryption took %6.2f milliseconds, avg over %d" 
            " iterations\n", rsaKeySz, milliEach, times);
 
-#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
-    fclose(file);
-#endif
     FreeRsaKey(&rsaKey);
 #ifdef HAVE_CAVIUM
     RsaFreeCavium(&rsaKey);
diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c
index ce5fe2920..291c6b70f 100644
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@@ -154,7 +154,7 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
         default:
         break;
     }
-    if ( (hmac_block_size - length) > 0)
+    if (length < hmac_block_size)
         XMEMSET(ip + length, 0, hmac_block_size - length);
 
     for(i = 0; i < hmac_block_size; i++) {
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 49a3a35b1..f49d196dd 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -549,6 +549,8 @@ enum Misc {
     MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
     MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */
 
+    MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4,  /* 4 mb file size alloc limit */
+
 #ifdef FORTRESS
     MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
 #endif
diff --git a/cyassl/test.h b/cyassl/test.h
index fe6118215..d4a2b986f 100644
--- a/cyassl/test.h
+++ b/cyassl/test.h
@@ -421,7 +421,7 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
 {
     fd_set recvfds, errfds;
     SOCKET_T nfds = socketfd + 1;
-    struct timeval timeout = {to_sec, 0};
+    struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
     int result;
 
     FD_ZERO(&recvfds);
@@ -570,7 +570,7 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
         int flags = fcntl(*sockfd, F_GETFL, 0);
         if (flags < 0)
             err_sys("fcntl get failed");
-        fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
+        flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
         if (flags < 0)
             err_sys("fcntl set failed");
     #endif
diff --git a/src/ssl.c b/src/ssl.c
index 030d96fb3..cd9225e76 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1739,6 +1739,12 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
     sz = XFTELL(file);
     XREWIND(file);
 
+    if (sz > MAX_CYASSL_FILE_SIZE) {
+        CYASSL_MSG("CertManagerVerify file too big");
+        XFCLOSE(file);
+        return SSL_BAD_FILE;
+    }
+
     if (sz > (long)sizeof(staticBuffer)) {
         CYASSL_MSG("Getting dynamic buffer");
         myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);