1 Topic by Andrey Karpov

(1 replies, posted in yaSSL (Deprecated) [READ ONLY])

I downloaded cyassl-2.4.0.zip and checked the project using PVS-Studio. One can say that I found nothing. Good code.
Drew attention to only two seats. Do not know if there is an error or not. Decided to write. Just in case.

1) V612 An unconditional 'return' within a loop. internal.c 7190

static int DoClientHello(....)
{
  ....
  while (ssl->options.resuming) {
    ....
    if (!session) {
      ....
      break;
    }
    if (MatchSuite(ssl, &clSuites) < 0) {
      ....
      return UNSUPPORTED_SUITE;
    }
    ....
    return ret;
  }
  return MatchSuite(ssl, &clSuites);
}

Also:
V612 An unconditional 'return' within a loop. internal.c 7026

2) V614 Potentially uninitialized variable 'rhSize' used. sniffer.c 2255

static int ProcessMessage(....)
{
  int rhSize;
  ....
  notEnough = 0;
  ....
  if (sslBytes >= RECORD_HEADER_SZ) {
    if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
      ....
      return -1;
    }
  }
  else
    notEnough = 1;
  ....
  if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
    ....
  }

  tmp = sslFrame + rhSize;   <<<---
  ....
}

Go to forum: yaSSL (Deprecated) [READ ONLY]