Merge pull request #8974 from rlm2002/coverity_fix

dgarske · web-flow · commit 3c00e2627449 · 2025-07-09T16:12:42.000-07:00
Coverity: Check values
diff --git a/src/dtls.c b/src/dtls.c
@@ -678,6 +678,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
             ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
         if ((sigAlgs.size % 2) != 0)
             ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
+        if (sigAlgs.size > WOLFSSL_MAX_SIGALGO)
+            ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
         suites.hashSigAlgoSz = (word16)sigAlgs.size;
         XMEMCPY(suites.hashSigAlgo, sigAlgs.elements, sigAlgs.size);
         haveSA = 1;
diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c
@@ -356,6 +356,8 @@ int blake2b_final( blake2b_state *S, byte *out, byte outlen )
     }
 
     S->buflen -= BLAKE2B_BLOCKBYTES;
+    if ( S->buflen >= (BLAKE2B_BLOCKBYTES * 2) )
+      return BAD_LENGTH_E;
     XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (wolfssl_word)S->buflen );
   }
 
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
@@ -1727,6 +1727,10 @@
     {
         word32 blocks = sz / DES_BLOCK_SIZE;
 
+        if (des == NULL || out == NULL || in == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
         while (blocks--) {
             xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
             DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg);

Original file line number	Diff line number	Diff line change
`@@ -356,6 +356,8 @@ int blake2b_final( blake2b_state S, byte out, byte outlen )`
`356`	`356`	`}`
`357`	`357`
`358`	`358`	`S->buflen -= BLAKE2B_BLOCKBYTES;`
	`359`	`+ if ( S->buflen >= (BLAKE2B_BLOCKBYTES * 2) )`
	`360`	`+ return BAD_LENGTH_E;`
`359`	`361`	`XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (wolfssl_word)S->buflen );`
`360`	`362`	`}`
`361`	`363`