Merge pull request #7523 from douzzer/20240511-clang-analyzer-unix.St…

…ream

20240511-clang-analyzer-unix.Stream

examples/asn1/asn1.c

@@ -73,6 +73,11 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
  while ((read_len = fread(data + len, 1, DATA_INC_LEN, fp)) != 0) {
  unsigned char* p;
 
+ if (ferror(fp)) {
+ free(data);
+ return IO_FAILED_E;
+ }
+
  /* Add read data amount to length. */
  len += (word32)read_len;
 
@@ -446,6 +451,10 @@ int main(int argc, char* argv[])
  return 1;
  }
  else {
+ if (fp != stdin) {
+ fprintf(stderr, "At most one input file can be supplied.\n");
+ return 1;
+ }
  /* Name of file to read. */
  fp = fopen(argv[0], "r");
  if (fp == NULL) {

examples/pem/pem.c

@@ -778,6 +778,10 @@ int main(int argc, char* argv[])
  fprintf(stderr, "No filename provided\n");
  return 1;
  }
+ if (in_file != stdin) {
+ fprintf(stderr, "At most one input file can be supplied.\n");
+ return 1;
+ }
  in_file = fopen(argv[0], "r");
  if (in_file == NULL) {
  fprintf(stderr, "File not able to be read: %s\n", argv[0]);

tests/api.c

@@ -54505,6 +54505,7 @@ static int test_wolfSSL_PEM_write_bio_PKCS7(void)
 }
 
 #ifdef HAVE_SMIME
+/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */
 static int test_wolfSSL_SMIME_read_PKCS7(void)
 {
  EXPECT_DECLS;
@@ -54530,53 +54531,69 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
  ExpectNotNull(pkcs7);
  ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  PKCS7_NOVERIFY), SSL_SUCCESS);
- XFCLOSE(smimeTestFile);
+ if (smimeTestFile != XBADFILE) {
+ XFCLOSE(smimeTestFile);
+ smimeTestFile = XBADFILE;
+ }
  if (bcont) BIO_free(bcont);
  bcont = NULL;
  wolfSSL_PKCS7_free(pkcs7);
  pkcs7 = NULL;
 
  /* smime-test-multipart.p7s */
  smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
+ ExpectFalse(smimeTestFile == XBADFILE);
  ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  ExpectNotNull(pkcs7);
  ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  PKCS7_NOVERIFY), SSL_SUCCESS);
- XFCLOSE(smimeTestFile);
+ if (smimeTestFile != XBADFILE) {
+ XFCLOSE(smimeTestFile);
+ smimeTestFile = XBADFILE;
+ }
  if (bcont) BIO_free(bcont);
  bcont = NULL;
  wolfSSL_PKCS7_free(pkcs7);
  pkcs7 = NULL;
 
  /* smime-test-multipart-badsig.p7s */
  smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
+ ExpectFalse(smimeTestFile == XBADFILE);
  ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */
  ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  PKCS7_NOVERIFY), SSL_FAILURE);
- XFCLOSE(smimeTestFile);
+ if (smimeTestFile != XBADFILE) {
+ XFCLOSE(smimeTestFile);
+ smimeTestFile = XBADFILE;
+ }
  if (bcont) BIO_free(bcont);
  bcont = NULL;
  wolfSSL_PKCS7_free(pkcs7);
  pkcs7 = NULL;
 
  /* smime-test-canon.p7s */
  smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+ ExpectFalse(smimeTestFile == XBADFILE);
  ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  ExpectNotNull(pkcs7);
  ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
  PKCS7_NOVERIFY), SSL_SUCCESS);
- XFCLOSE(smimeTestFile);
+ if (smimeTestFile != XBADFILE) {
+ XFCLOSE(smimeTestFile);
+ smimeTestFile = XBADFILE;
+ }
  if (bcont) BIO_free(bcont);
  bcont = NULL;
  wolfSSL_PKCS7_free(pkcs7);
  pkcs7 = NULL;
 
  /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
  smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+ ExpectFalse(smimeTestFile == XBADFILE);
  ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  ExpectNotNull(pkcs7);
@@ -54596,6 +54613,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
 #endif
  return EXPECT_RESULT();
 }
+/* // NOLINTEND(clang-analyzer-unix.Stream) */
 
 static int test_wolfSSL_SMIME_write_PKCS7(void)
 {

tests/utils.h

@@ -99,8 +99,12 @@ int copy_file(const char* in, const char* out)
  goto cleanup;
 
  while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) {
+ if (XFERROR(inFile))
+ goto cleanup;
  if (XFWRITE(buf, 1, sz, outFile) != sz)
  goto cleanup;
+ if (XFEOF(inFile))
+ break;
  }
 
  ret = 0;

testsuite/testsuite.c

@@ -610,12 +610,19 @@ void file_test(const char* file, byte* check)
  return;
  }
  while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 ) {
+ if (ferror(f)) {
+ printf("I/O error reading %s\n", file);
+ fclose(f);
+ return;
+ }
  ret = wc_Sha256Update(&sha256, buf, i);
  if (ret != 0) {
  printf("Can't wc_Sha256Update %d\n", ret);
  fclose(f);
  return;
  }
+ if (feof(f))
+ break;
  }
 
  ret = wc_Sha256Final(&sha256, shasum);

wolfssl/wolfcrypt/wc_port.h

@@ -709,6 +709,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
  #define XFGETS fgets
  #define XFPRINTF fprintf
  #define XFFLUSH fflush
+ #define XFEOF(fp) feof(fp)
+ #define XFERROR(fp) ferror(fp)
+ #define XCLEARERR(fp) clearerr(fp)
 
  #if !defined(NO_WOLFSSL_DIR)\
  && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
@@ -773,6 +776,15 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
  #ifndef MAX_PATH
  #define MAX_PATH (260 + 1)
  #endif
+ #ifndef XFEOF
+ #define XFEOF(fp) 0
+ #endif
+ #ifndef XFERROR
+ #define XFERROR(fp) 0
+ #endif
+ #ifndef XCLEARERR
+ #define XCLEARERR(fp) WC_DO_NOTHING
+ #endif
 
  WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf,
  size_t* bufLen, void* heap);