From owner-freebsd-bugs@FreeBSD.ORG Sat Sep 11 15:50:15 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C49E16A4CE for ; Sat, 11 Sep 2004 15:50:15 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4356D43D66 for ; Sat, 11 Sep 2004 15:50:15 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i8BFoEII003963 for ; Sat, 11 Sep 2004 15:50:14 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i8BFoE5k003957; Sat, 11 Sep 2004 15:50:14 GMT (envelope-from gnats) Resent-Date: Sat, 11 Sep 2004 15:50:14 GMT Resent-Message-Id: <200409111550.i8BFoE5k003957@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Dan Lukes Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F65A16A4D1 for ; Sat, 11 Sep 2004 15:40:29 +0000 (GMT) Received: from kulesh.obluda.cz (kulesh.obluda.cz [193.179.22.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id A86EF43D53 for ; Sat, 11 Sep 2004 15:40:27 +0000 (GMT) (envelope-from dan@kulesh.obluda.cz) Received: from kulesh.obluda.cz (localhost.eunet.cz [127.0.0.1]) by kulesh.obluda.cz (8.13.1/8.13.1) with ESMTP id i8BFeOI2002109 for ; Sat, 11 Sep 2004 17:40:24 +0200 (CEST) (envelope-from dan@kulesh.obluda.cz) Received: (from root@localhost) by kulesh.obluda.cz (8.13.1/8.13.1/Submit) id i8BFeN4k002108; Sat, 11 Sep 2004 17:40:23 +0200 (CEST) (envelope-from dan) Message-Id: <200409111540.i8BFeN4k002108@kulesh.obluda.cz> Date: Sat, 11 Sep 2004 17:40:23 +0200 (CEST) From: Dan Lukes To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/71594: pkg_install (sign) - variables ma be used unitialized in some cases X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Dan Lukes List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Sep 2004 15:50:15 -0000 >Number: 71594 >Category: bin >Synopsis: pkg_install (sign) - variables ma be used unitialized in some cases >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Sep 11 15:50:14 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Dan Lukes >Release: FreeBSD 5.3-BETA3 i386 >Organization: Obludarium >Environment: System: FreeBSD kulesh.obluda.cz 5.3-BETA3 FreeBSD 5.3-BETA3 #8: Sun Sep 5 07:06:40 CEST 2004 dan@kulesh.obluda.cz:/usr/obj/usr/src/sys/Dan i386 usr.sbin/pkg_install/sign/x509.c,v 1.4 2004/06/29 19:06:42 eik usr.sbin/pkg_install/sign/sign.c,v 1.4 2004/06/29 19:06:42 eik >Description: in function retrieve_x509_marker (usr.sbin/pkg_install/sign/x509.c) the descriptor 'f' isn't closed sometime usr.sbin/pkg_install/sign/sign.c:106: warning: 'success' might be used uninitialized in this function usr.sbin/pkg_install/sign/x509.c:206: warning: 'md_ctx' might be used uninitialized in this function usr.sbin/pkg_install/sign/x509.c:276: warning: 'n' might be used uninitialized in this function All three warning are sign of error as mentioned variables can be used uninitialized sometime (especially when package prepared by a poor man). In advance I'm corrected two typos within messages (Uknown -> Unknown). >How-To-Repeat: N/A >Fix: *** usr.sbin/pkg_install/sign/sign.c.ORIG Sun Aug 8 21:13:50 2004 --- usr.sbin/pkg_install/sign/sign.c Sat Sep 11 16:52:17 2004 *************** *** 116,121 **** --- 116,124 ---- case TAG_X509: success = retrieve_x509_marker(filename, &sign, userid); break; + default: + success = 0; + fprintf(stderr, "Unknown type %d\n", type); } if (!success) { *** usr.sbin/pkg_install/sign/x509.c.ORIG Sun Aug 8 21:13:50 2004 --- usr.sbin/pkg_install/sign/x509.c Sat Sep 11 17:22:04 2004 *************** *** 152,158 **** break; default: ! warnx("Uknown certificate type"); return 0; } --- 152,159 ---- break; default: ! warnx("Unknown certificate type: %d", EVP_PKEY_type(X509_get_pubkey(x509)->type)); ! fclose(fp); return 0; } *************** *** 234,246 **** break; default: break; } ! status = EVP_VerifyFinal(md_ctx, ! n->signature->data, ! n->signature->length, ! pkey); EVP_PKEY_free(pkey); X509_free(x509); --- 235,249 ---- break; default: + warnx("Unknown public key type: %d", EVP_PKEY_type(pkey->type)); + md_ctx = NULL; break; } ! status = (md_ctx == NULL) ? 0 : EVP_VerifyFinal(md_ctx, ! n->signature->data, ! n->signature->length, ! pkey); EVP_PKEY_free(pkey); X509_free(x509); *************** *** 291,303 **** f = fopen(filename, "r"); if (f == NULL) { - free(n); return 0; } if (gzip_read_header(f, &h, sign) == GZIP_NOT_GZIP) { warnx("File %s is not a gzip file\n", filename); fclose(f); - free(n); return 0; } --- 294,304 ---- *************** *** 314,319 **** --- 315,321 ---- if (keyf == NULL) { warnx("Cannot open private key %s.", keyfile); + fclose(f); return 0; } *************** *** 335,350 **** { case EVP_PKEY_RSA: md_type = EVP_sha1(); - printf("*** It's an RSA key.\n"); break; case EVP_PKEY_DSA: md_type = EVP_dss1(); - printf("@@@ It's a DSA key, yippee!\n"); break; default: ! warnx("Uknown key type"); return 0; } --- 337,351 ---- { case EVP_PKEY_RSA: md_type = EVP_sha1(); break; case EVP_PKEY_DSA: md_type = EVP_dss1(); break; default: ! warnx("Unknown key type"); ! fclose(f); return 0; } *************** *** 352,357 **** --- 353,360 ---- while ((length = fread(buffer, 1, sizeof buffer, f)) > 0) EVP_SignUpdate(&md_ctx, buffer, length); + + fclose(f); sig_buf = malloc(sig_len); if (sig_buf == NULL) { >Release-Note: >Audit-Trail: >Unformatted: