Re: [openssl.org #3428] bug report : crypto/des/ofb64enc.c: Uninitialized variable: d

Fri, 04 Jul 2014 11:34:16 -0700 

On 07/04/2014 11:17 AM, Ben Laurie wrote:
> It'd be nice, btw, if someone would report the bug to cppcheck.
http://5.150.254.56:443/trac-cppcheck/ticket/5970#ticket

Thx
> 
> On 4 July 2014 10:15, Ben Laurie <[email protected]> wrote:
>> On 3 July 2014 22:35, Kurt Roeckx <[email protected]> wrote:
>>> On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
>>>> On 3 July 2014 20:06, Kurt Roeckx via RT <[email protected]> wrote:
>>>>> On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
>>>>>> I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85
>>>>>> and 96, or ?:
>>>>>>
>>>>> The line before that:
>>>>>
>>>>>         dp=d;
>>>>>>         l2c(v0,dp);<--- Uninitialized variable: d
>>>>>>         l2c(v1,dp);<--- Uninitialized variable: d
>>>>>>         while (l--)
>>>>>>                 {
>>>>>>                 if (n == 0)
>>>>>>                         {
>>>>>>                         DES_encrypt1(ti,schedule,DES_ENCRYPT);
>>>>>>                         dp=d;
>>>>>>                         t=ti[0]; l2c(t,dp);
>>>>>>                         t=ti[1]; l2c(t,dp);
>>>>>>                         save++;
>>>>>>                         }
>>>>>>                 *(out++)= *(in++)^d[n];<--- Uninitialized variable: d
>>>>>>                 n=(n+1)&0x07;
>>>>>>                 }
>>>>>
>>>>> d is uninitialized, but it's being written to, not read from,
>>>>> so I don't see a problem with this.
>>>>
>>>> What?
>>>
>>> So l2c is:
>>> #define l2c(l,c)        (*((c)++)=(unsigned char)(((l))&0xff), \
>>>                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
>>>                          *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
>>>                          *((c)++)=(unsigned char)(((l)>>24L)&0xff))
>>>
>>> It reads v0 and v1 and writes to d (dp).  d being uninitialized
>>> shouldn't be an issue.  Or am I missing something?
>>
>> It writes to *d, surely? Which means d uninitialised is very much an issue, 
>> no?
>>
>> However, now I've read the code (it'd help if people posted enough
>> snippet to make that unnecessary!) I see d is DES_cblock, i.e. an
>> array, so the diagnosis is basically incorrect. And therefore I agree
>> with you, not a problem.
> 


-- 
Toralf
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to