Fwd: New Defects reported by Coverity Scan for Das U-Boot

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Jul 26 06:22:03 CEST 2022 

Hello Tom,

could you, please, have a look at the problems reported by Coverity
concerning code introduced by you into U-Boot.

For SHA256_Update_recycle() I guess you just have to change the
signature of the function to

      SHA256_Update_recycled (SHA256_CTX *ctx,
                              unsigned char *block, size_t len)

Looking at

https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=59559157&defectInstanceId=12260012&mergedDefectId=355364

https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=59559157&defectInstanceId=12260012&mergedDefectId=355365

and

https://scan8.scan.coverity.com/reports.htm#v40863/p10710/fileInstanceId=59559157&defectInstanceId=12260012&mergedDefectId=355366

I think the issues are false positives:

Coverity ignores that if the sha256_update() is called will length < 64
sha256_process() will be called with blocks = 0 and will not access the
buffer.

Best regards

Heinrich


-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for Das U-Boot
Date: Tue, 26 Jul 2022 00:49:17 +0000 (UTC)
From: scan-admin at coverity.com
To: xypron.glpk at gmx.de

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot
found with Coverity Scan.

3 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 355366:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 355366:    (OVERRUN)
/lib/crypt/crypt-sha256.c: 104 in SHA256_Update_recycled()
98     SHA256_Update_recycled (SHA256_CTX *ctx,
99                             unsigned char block[32], size_t len)
100     {
101       size_t cnt;
102       for (cnt = len; cnt >= 32; cnt -= 32)
103         SHA256_Update (ctx, block, 32);
>>>     CID 355366:    (OVERRUN)
>>>     Overrunning buffer pointed to by "(void const *)block" of 32 bytes by passing it to a function which accesses it at byte offset 63.
104       SHA256_Update (ctx, block, cnt);
105     }
106     107     void
108     crypt_sha256crypt_rn (const char *phrase, size_t phr_size,
109                           const char *setting, size_t ARG_UNUSED
(set_size),
/lib/crypt/crypt-sha256.c: 103 in SHA256_Update_recycled()
97     static void
98     SHA256_Update_recycled (SHA256_CTX *ctx,
99                             unsigned char block[32], size_t len)
100     {
101       size_t cnt;
102       for (cnt = len; cnt >= 32; cnt -= 32)
>>>     CID 355366:    (OVERRUN)
>>>     Overrunning buffer pointed to by "(void const *)block" of 32 bytes by passing it to a function which accesses it at byte offset 63.
103         SHA256_Update (ctx, block, 32);
104       SHA256_Update (ctx, block, cnt);
105     }
106     107     void
108     crypt_sha256crypt_rn (const char *phrase, size_t phr_size,

** CID 355365:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 355365:  Memory - corruptions  (OVERRUN)
/lib/crypt/crypt-sha256.c: 212 in crypt_sha256crypt_rn()
206          characters and it ends at the first `$' character (for
207          compatibility with existing implementations).  */
208       SHA256_Update (ctx, salt, salt_size);
209     210       /* Add for any character in the phrase one byte of the
alternate sum.  */
211       for (cnt = phr_size; cnt > 32; cnt -= 32)
>>>     CID 355365:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "(void const *)result" of 32 bytes by passing it to a function which accesses it at byte offset 63.
212         SHA256_Update (ctx, result, 32);
213       SHA256_Update (ctx, result, cnt);
214     215       /* Take the binary representation of the length of the
phrase and for every
216          1 add the alternate sum, for every 0 the phrase.  */
217       for (cnt = phr_size; cnt > 0; cnt >>= 1)

** CID 355364:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 355364:    (OVERRUN)
/lib/sha256.c: 259 in sha256_finish()
253     	PUT_UINT32_BE(low, msglen, 4);
254     255     	last = ctx->total[0] & 0x3F;
256     	padn = (last < 56) ? (56 - last) : (120 - last);
257     258     	sha256_update(ctx, sha256_padding, padn);
>>>     CID 355364:    (OVERRUN)
>>>     Overrunning array "msglen" of 8 bytes by passing it to a function which accesses it at byte offset 63.
259     	sha256_update(ctx, msglen, 8);
260     261     	PUT_UINT32_BE(ctx->state[0], digest, 0);
262     	PUT_UINT32_BE(ctx->state[1], digest, 4);
263     	PUT_UINT32_BE(ctx->state[2], digest, 8);
264     	PUT_UINT32_BE(ctx->state[3], digest, 12);
/lib/sha256.c: 259 in sha256_finish()
253     	PUT_UINT32_BE(low, msglen, 4);
254     255     	last = ctx->total[0] & 0x3F;
256     	padn = (last < 56) ? (56 - last) : (120 - last);
257     258     	sha256_update(ctx, sha256_padding, padn);
>>>     CID 355364:    (OVERRUN)
>>>     Overrunning array "msglen" of 8 bytes by passing it to a function which accesses it at byte offset 63.
259     	sha256_update(ctx, msglen, 8);
260     261     	PUT_UINT32_BE(ctx->state[0], digest, 0);
262     	PUT_UINT32_BE(ctx->state[1], digest, 4);
263     	PUT_UINT32_BE(ctx->state[2], digest, 8);
264     	PUT_UINT32_BE(ctx->state[3], digest, 12);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3D2T0s_N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2XoD3RFHsuIXMFMppPhcX3i-2BylqPVMQRSkcH-2F8FH0yrtiNsTyqrACwgwKzcFMo110d4rbYxVU-2B6HUewkm6-2BnWaHjEY6qmqSh3JibC9pdT8olo3BdbSy-2BWanWn1DBtOw1z1cdAbywwX9dt2U78a3fVdmOhb2POgsi0MvPp4Pxgp4Cg-3D-3D

   To manage Coverity Scan email notifications for "xypron.glpk at gmx.de",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXx4Y-2F1WK-2FIlbEOzfoxXLI-2FdwA0wwGn90rGGrBgiHW-2ByLDLbUOEV7XOvtc9zJmj9LPyrT06WSaMnNrm6wfrUN-2BXuWoaHdqOoEyL7CQlGSiE-2BfE-3D_9qC_N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2XoD3RFHsuIXMFMppPhcX3iF6KnEIxQAjMHO-2BlD-2FPGZz4TDSk0BBoeIgWfCDpuLTBt0y-2B4v9hleXOTCQWQXpAtOvLz9f5xcEFBHkc8v8-2FEgrl-2B-2FxBUaiZwIAadIw6kkwIOi1-2BjFknesS-2FQN5pLywQA-2FRiTVFu8P4KaYNq7QGyQkrQ-3D-3D

More information about the U-Boot mailing list