Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src: fix static analysis warning and use smart ptr #43117

Conversation

tniessen
Copy link
Member

Coverity issues a warning about value_before_reset == ca, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: #37990


Defect within value_before_reset == ca according to Coverity:

CID 239746 (#1 of 1): Wrapper object use after free (WRAPPER_ESCAPE)
8. use_after_free: Using invalidated internal representation of parameter cert.

@tniessen tniessen requested a review from jasnell May 16, 2022 01:22
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels May 16, 2022
@tniessen tniessen added the request-ci Add this label to start a Jenkins CI on a PR. label May 16, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label May 16, 2022
@nodejs-github-bot

This comment was marked as outdated.

Coverity issues a warning about `value_before_reset == ca`, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: nodejs#37990
@tniessen tniessen force-pushed the src-fix-coverity-warning-crypto-common branch from 35fc96f to 3bd3bba Compare May 16, 2022 19:09
@tniessen
Copy link
Member Author

Force-pushed to please the C++ linter, the actual diff is 35fc96f.

@tniessen tniessen added request-ci Add this label to start a Jenkins CI on a PR. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels May 16, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label May 16, 2022
@nodejs-github-bot

This comment was marked as outdated.

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@tniessen tniessen added the commit-queue Add this label to land a pull request using GitHub Actions. label May 18, 2022
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label May 18, 2022
@nodejs-github-bot nodejs-github-bot merged commit 06ba40a into nodejs:master May 18, 2022
@nodejs-github-bot
Copy link
Collaborator

Landed in 06ba40a

bengl pushed a commit that referenced this pull request May 30, 2022
Coverity issues a warning about `value_before_reset == ca`, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: #37990

PR-URL: #43117
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
@bengl bengl mentioned this pull request May 31, 2022
juanarbol pushed a commit that referenced this pull request May 31, 2022
Coverity issues a warning about `value_before_reset == ca`, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: #37990

PR-URL: #43117
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
danielleadams pushed a commit that referenced this pull request Jun 27, 2022
Coverity issues a warning about `value_before_reset == ca`, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: #37990

PR-URL: #43117
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
targos pushed a commit that referenced this pull request Jul 12, 2022
Coverity issues a warning about `value_before_reset == ca`, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: #37990

PR-URL: #43117
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
targos pushed a commit that referenced this pull request Jul 31, 2022
Coverity issues a warning about `value_before_reset == ca`, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: #37990

PR-URL: #43117
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
Coverity issues a warning about `value_before_reset == ca`, where
value_before_reset is a pointer that may not be valid. While comparing
the pointer itself should still work, we should really be using smart
pointers here so that this particular check can be simplified without
running into a memory leak.

Refactor SSL_CTX_get_issuer to return a smart pointer and update the
call sites accordingly. Note that we might have to change that in the
future once we improve error handling throughout crypto/tls.

Refs: nodejs/node#37990

PR-URL: nodejs/node#43117
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants