[PATCH] px5g-mbedtls (Was: px5g return value checking)

Peter Naulls peter at chocky.org
Mon Nov 7 07:14:53 PST 2022


On 11/3/22 14:49, Peter Naulls wrote:
> 
> Another one from our security scan:
> 
> File: /usr/sbin/px5g
> Issue: RET NOT ASSIGNED in function 'FUN_000281b0' at address 0x281c0 while 
> calling 'mbedtls_rsa_check_pub_priv'
> Issue: RET NOT ASSIGNED in function 'FUN_000285e8' at address 0x285f8 while 
> calling 'mbedtls_ecp_check_pub_priv'
> 

The problem is in fact with the px5g-mbedtls util, not the library:



--- a/px5g-mbedtls.c
+++ b/px5g-mbedtls.c
@@ -113,13 +113,13 @@ static void gen_key(mbedtls_pk_context *key, bool rsa, int 
ksize, int exp,
         mbedtls_pk_init(key);
         if (rsa) {
                 fprintf(stderr, "Generating RSA private key, %i bit long 
modulus\n", ksize);
-               mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
-               if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, 
ksize, exp))
+               if (!mbedtls_pk_setup(key, 
mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) &&
+                       !mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, 
NULL, ksize, exp))
                         return;
         } else {
                 fprintf(stderr, "Generating EC private key\n");
-               mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
-               if (!mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), _urandom, 
NULL))
+               if (!mbedtls_pk_setup(key, 
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) &&
+                       !mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), 
_urandom, NULL))
                         return;
         }
         fprintf(stderr, "error: key generation failed\n");
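Review bot: in both branches of gen_key the results of mbedtls_pk_setup and mbedtls_rsa_gen_key / mbedtls_ecp_gen_key are collapsed by `!` and `&&`, so the fall-through to "error: key generation failed" cannot say which call failed or with what mbedtls error code. Consider keeping each result in an `int ret` and printing it in that message, so a failed context setup is distinguishable from a failed key generation. Separately, the patch as posted is line-wrapped by the mail client (the `@@` header, the RSA fprintf string and each new `if` condition are split across two lines), so it will not apply as sent; please resend it unwrapped, for example with git send-email, and with a commit description and Signed-off-by line.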
